Information recording/reproducing apparatus and method

ABSTRACT

An information reproducing method and an information reproducing device in which the key renewal block (KRB) of the latest version is selectively used to encrypt the content to store the encrypted contents in a recording medium. A plural number of KRBs of different generations and versions are stored in a recording medium. If the latest KRB is detected, it is stored in a memory unit within the recording and/or reproducing device. A plural number of KRBs having plural different generations or versions are stored on the recording medium. With the present method and device, in storing the content in the recording medium, the latest usable one of the KRB in the memory unit of the reproducing device and plural KRBs on the recording medium is detected to acquire an encrypting key, such as a media key, to execute the content encryption. In this manner, the encrypted content based on a KRB of a newer version can at all times be stored on the recording medium.

TECHNICAL FIELD

[0001] This invention relates to an information recording device, an information reproducing device, an information recording method, an information reproducing method, an encrypting key renewal method, an information recording medium and a computer program. More particularly, it relates to a configuration in which a cipher key, such as a master key or a media key, is renewed using a hierarchical key distribution system of a tree structure, and in which the content newly stored on a recording medium can be encrypted using a newer key.

BACKGROUND ART

[0002] In keeping up with progress and development of digital signal processing techniques, recording devices or recording media for digitally recording the information are finding widespread use. With the digital recording device or recording medium, since copying can be repeatedly made without degrading the sound or picture quality, recording media obtained on unauthorized duplication may be circulated on the market, thus impairing the benefit of the copyright owners or authorized distributors of various content items, such as music or motion pictures. Nowadays, various techniques or systems for preventing unauthorized duplication have been introduced in the digital recording devices or digital recording media in order to prohibit such unauthorized duplication of digital data.

[0003] For example, in a MD (mini-disc), MD being a trademark, an SCMS (Serial Copy Management System) is used as a method of prohibiting unauthorized duplication. The SCMS is such a system in which, on the data reproducing side, an SCMS signal is output along with audio data from a digital interface (DIF) and, on the receiving side, the recording of audio data from the reproducing side is controlled based on the SCMS signal from the reproducing side to prohibit the unauthorized duplication.

[0004] Specifically, the SCMS signal is such a signal indicating whether given audio data is copy-free data, for which copying can be made any number of times, copy-once-allowed data, for which copying is allowed only once, or copy-prohibited data, for which copying is prohibited. On receipt of audio data from the DIF, the data recording side detects the SCMS signal, sent along with the audio data. If the SCMS signal is copy-free, the audio data is recorded, along with the SCMS signals, on a mini-disc. If the SCMS signal is copy-once-allowed, the SCMS signal is changed to copy-prohibited and is recorded along with the audio data on the mini-disc. If the SCMS signal is copy-prohibited, audio data is not recorded. By this control employing the SCMS, unauthorized duplication of audio data, protected by copyright, may be prevented from occurring.

[0005] With the SCMS, it is prerequisite that the data recording equipment itself owns the structure of controlling the recording of the audio data from the reproducing side, based on the SCMS signals, as described above. Thus, if the mini-disc not having the structure of executing the SCMS control is produced, it is difficult to cope with the illicit copying. So, the DVD player, for example, is configured for prohibiting illicit copying of copyright-protected data by exploiting a content scramble system.

[0006] In the content scramble system, video or audio data are recorded encrypted in a DVD-ROM (Read Only Memory), and a key used for decoding the encrypted data (decrypting key) is given to a licenced DVD player. It is a DVD player, designed to comply with preset operational regulations, such as not undertaking illicit copying, that is licensed. So, the licenced DVD player is able to reproduce the pictures or speech from the DVD-ROM by decoding the encrypted data, recorded on the DVD-ROM, by exploiting the accorded key.

[0007] On the other hand, an unlicenced DVD player, not having a key for decoding the encrypted data, is unable to decode the encrypted data recorded on the DVD-ROM. Thus, with the content scramble system configuration, a DVD player not meeting required conditions at the licencing time cannot reproduce the DVD-ROM having digital data recorded thereon, thus prohibiting unauthorized duplication.

[0008] However, the content scramble system, used in the DVD-ROM, is designed for a recording medium on which data writing by the user is impossible (this sort of the recording medium is incidentally referred to below as ROM media), while account is not taken of application thereof to a recording medium on which data writing by the user is possible (this sort of the recording medium is incidentally referred to below as RAM media).

[0009] That is, if the data recorded on the ROM media is encrypted, but the encrypted data is copied in its entirety on the RAM media, the result is a so-called pirate edition reproducible on a licenced authorized device.

[0010] The present Assignee proposed in our senior patent application (Japanese Laying-Open Patent Publication H-11-224461; JP Patent Application 10-25310) a configuration in which the information for identification of individual recording media, referred to below as medium identification information, is recorded along with other data on a recording medium in question to permit only the licenced authentic device to access the medium identification information of the recording medium.

[0011] With this method, data on the recording medium is encrypted by the media identification information and a secret key (master key), obtained on licencing, such that, if an unlicenced device or equipment reads out the encrypted data, no meaningful data can be produced. It is noted that the device has its operation regulated at the time of licencing so that illicit duplication (unauthorized copying) is prohibited.

[0012] An unlicenced device cannot access the media identification information, while the medium identification information is of a value specific to each medium, so that, even if such unlicenced device duplicates the totality of the encrypted data, recorded on the recording medium, on a new recording medium, the data recorded on the so produced recording medium cannot be decrypted correctly on a licenced device, to say nothing of the unlicenced device, thus effectively prohibiting the unauthorized duplication.

[0013] Meanwhile, in the above configuration, a master key stored in a licenced device or equipment is usually common to all devices or equipment. The reason the master key common to the plural equipment is stored is that this represents an essential condition in order to make the media recorded on a given equipment reproducible on other equipment, that is to assure interoperability.

[0014] If, in such system, a hacker has succeeded in attacking an equipment and has taken out the master key, the data recorded encrypted can be decrypted in the entire system, thus leading to breakdown of the entire system. In order to prevent this from occurring, it is essential that, if it is revealed that a given equipment is attacked and a master key has become explicit, the master key be changed to a new one, which then is given to the totality of the equipment except the equipment which has succumbed to the attack. As the simplest system to realize this configuration, a key unique to each equipment (device key) may be given to each equipment and a value obtained on encrypting the new master key with the individual device key may then be formed and transmitted to each equipment through a recording medium. However, in this case, the volume of the entire messages to be transmitted is undesirably increased in proportion to the number of the equipment.

[0015] As the configuration, intended to overcome such problem, the present Assignee has already proposed in our co-pending patent application (JP Patent Application 2000-105328) a configuration employing a key distribution method having respective information reproducing devices arranged at respective leaves of an n-branched tree, in which a key necessary for recording the content data on a recording medium or reproduction from the recording medium (master key or media key) is distributed through a recording medium or over a communication network, each equipment then undertaking the recording or reproduction of the content data using the so distributed master key or media key to enable the key to be distributed to authorized equipment (equipment in which secrecy is not disclosed) with a lesser message volume. Specifically, a key required in generating a key required for recording on a recording medium or reproduction from the recording medium, for example, a node key allocated to each leaf or node of an n-branched tree, is set as a renewal node key. The renewal node key is encrypted such that decryption is possible with a leaf key or a node key owned solely by the authorized equipment, and the resulting encrypted information is included in a key renewal block (KRB) which is then distributed to each information recording and/or reproducing equipment. On receipt of the key renewal block (KRB), each recording and/or reproducing equipment executes KRB decrypting processing to acquire the key necessary in recording or reproduction on or from the recording medium.

[0016] The aforementioned structure has a feature that, if it is revealed that a given device in a specified system (group or set of recording and/or reproducing devices) is attacked by a hacker and a device key as the secrecy of the device has become disclosed, the recording and/or reproducing device, the secrecy of which has become disclosed, is excluded from the system, that is the recording and/or reproducing interoperability between the device thus excluded from the system and the devices not excluded from the system is disabled, insofar as recording media manufactured since that time is concerned.

[0017] In this system, there is presented a problem that an equipment the secrecy of which has become disclosed can be excluded from the system only insofar as recording media manufactured since that time is concerned, whereas data recorded on a recording medium manufactured prior to the time of such disclosure can be decrypted using the so disclosed key even although the actual data recording time is posterior to the time of such disclosure, that is, there may be occasions where the device to be excluded cannot actually be excluded.

[0018] In view of the above-described status of the art, it is an object of the present invention to provide an information recording device, an information reproducing device, an information recording method, an information reproducing method, a cipher key renewal method, an information recording medium and a computer program, in which, after it is revealed that secrecy has become disclosed, recording media produced prior to such disclosure cannot be decrypted using the disclosed key to enable more effective encryption of content.

DISCLOSURE OF THE INVENTION

[0019] The present invention overcomes the aforementioned problems, and aims to provide an information recording device, an information reproducing device, an information recording method, an information reproducing method, an encrypting key renewal method, an information recording medium and a computer program, in which, if it is revealed that secrecy has become disclosed, recording media produced before the time of such disclosure is adapted to be not decryptable with the disclosed key to enable more effective contents decryption.

[0020] To this end, the present invention provides an information recording device for recording the information on a recording medium, including memory means for holding a node key unique to each node of a hierarchical tree structure having a plural number of such information recording devices, operating as leaves, and a leaf key unique to each information recording device, the memory means also holding a key renewal block formed as renewal key storage data decryptable using at least one of the node key and the leaf key, and encryption means for decrypting the key renewal block decryptable using at least one of the node key and the leaf key provided in the information recording device to calculate an encrypting key used in encrypting data to be stored in the recording medium, the encryption means encrypting the data to be stored in the recording medium using the calculated encrypting key. The encryption means detects, in encrypting and storing the content for the recording medium, the latest usable key renewal block from key renewal blocks stored in the recording medium and from the key renewal block stored in the memory means of the information recording device itself, the encryption means encrypting the data to be stored on the recording medium using the encrypting key obtained on decrypting the detected latest usable key renewal block.

[0021] The present invention also provides an information reproducing device for reproducing the information from a recording medium, including memory means for holding a node key unique to each node of a hierarchical tree structure having a plural number of such information reproducing devices operating as leaves, and a leaf key unique to each information reproducing device, the memory means also holding key renewal blocks each formed as renewal key storage data decryptable using at least one of the node key and the leaf key, and encryption means for decrypting the key renewal block decryptable using at least one of the node key and the leaf key provided in the information reproducing device to calculate an encrypting key used for decrypting the cipher data stored in the recording medium. The encryption means decrypts the cipher data stored in the recording medium using the calculated encryption key. The encryption means detects, in the processing of decrypting the cipher data stored in the recording medium, the one of the key renewal block stored in the recording medium and the key renewal block stored in the memory means of the reproducing device itself, which has a version coincident with the version of the encrypting key of the content to be reproduced. The encryption means executes the decrypting processing of the cipher data stored on the recording medium using the encrypting key obtained by the processing of decrypting the detected key renewal block.

[0022] The present invention also provides an information recording method in an information recording device adapted for recording the information for a recording medium, the information recording device holding a node key unique to each node of a hierarchical tree structure having a plural number of such information recording devices, operating as leaves, and a leaf key unique to each information recording device, in which the method includes a step of detecting the latest usable one of the key renewal blocks stored in the recording medium and the key renewal block stored in the memory means of the information recording device itself, a step of decrypting the detected latest usable key renewal block, at the detection step, using at least the node key or the leaf key held in the information recording device, to calculate the encrypting key used in encrypting the data stored in the recording medium, and a step of encrypting the recording data for the recording medium, using the calculated encrypting key, to store the encrypted data on the recording medium.

[0023] The present invention also provides an information reproducing method in an information recording device adapted for recording the information for a recording medium, each of a plurality of such devices holding a node key unique to each node of a hierarchical tree structure having the plural respective information recording devices operating as leaves, and a leaf key unique to each information reproducing device, in which the method includes a step of acquiring the version information of an encrypting key for the content being reproduced, stored in a recording medium, a step of detecting the one of the key renewal block stored in the recording medium and the key renewal block stored in a memory means of the reproducing device itself, which has a version coincident with the version of the encrypting key of the content to be reproduced, a step of generating an encrypting key by decryption processing of a key renewal block as detected by the detection step, and a step of decrypting the cipher data stored in the recording medium using the generated encrypting key.

[0024] The present invention also provides an information recording medium capable of recording the information, the recording medium having stored therein, as key renewal blocks having different configurations, a plural number of key renewal blocks, each obtained on encrypting a renewal node key contained in each node key unique to each node forming a hierarchical tree structure having a plural number of information recording or reproducing devices operating as leaves, and a leaf key unique to each information recording or reproducing device, using a key including at least a leaf key or a node key of a lower layer.

[0025] The present invention provides a computer program for executing on a computer system the information recording processing in an information recording device which holds a node key unique to each node forming a hierarchical tree structure having plural such information recording devices, operating as leaves, and a leaf key unique to each information recording device, and which records the information on a recording medium, in which the program includes a detecting step of detecting the latest usable key renewal block from the key renewal blocks stored in the recording medium and the key renewal block stored in the memory means of the information recording device itself, a decrypting step of decrypting the detected latest usable key renewal block at the detecting step using at least one of the node key and the leaf key provided in the information recording device, to calculate the encrypting key used in encrypting the data stored on the recording medium and a step of encrypting the recording data for the recording medium using the encrypting key as found in the decrypting step to store the encrypted recording data on the recording medium.

[0026] The present invention also provides a computer program for executing on a computer system the information reproducing processing in an information reproducing device holding a node key unique to each node forming a hierarchical tree structure having the plural such information reproducing devices operating as leaves, and a leaf key unique to each information reproducing device, and which decrypts the cipher data stored in the recording medium, in which the program includes a step of acquiring the version information of an encrypting key of the content to be reproduced, stored on a recording medium, a step of detecting a key renewal block having a version coincident with the version of the encrypting key of the content to be reproduced, from the key renewal blocks stored in the recording medium and the key renewal block stored in the memory means of the information recording device itself, a step of generating an encrypting key by decryption processing of the key renewal block detected in the detecting step and a step of decrypting the cipher data stored on the recording medium using the generated encrypting key.

[0027] The present invention also provides an information recording device for recording the information on a recording medium, each recording device including memory means for holding a node key unique to each node of a hierarchical tree structure having a plural number of such information recording devices operating as leaves and a leaf key unique to each information recording device, the memory means also holding a key renewal block each formed as renewal key storage data decryptable using at least one of the node key and the leaf key, encryption means for decrypting the key renewal block formed as renewal key storage data decryptable using at least one of the node key and the leaf key provided in the information recording device to calculate an encrypting key used in encrypting the data to be stored in the recording medium, the encryption means encrypting the data stored in the recording medium using the calculated encrypting key, and renewing means for comparing, in accessing the recording medium, the version of a key renewal block stored in the recording medium to that of the key renewal block owned by the information recording device itself, and for writing the key renewal block of the new version on the recording medium if the key renewal block of the new version is the key renewal block stored in the memory means of the recording device itself, and the key renewal block of the new version is not as yet stored on the recording medium.

[0028] The present invention also provides an information reproducing device for reproducing the information from a recording medium, each information reproducing device including memory means for holding a node key unique to each node of a hierarchical tree structure having a plural number of such information reproducing devices operating as leaves and a leaf key unique to each information reproducing device, the memory means also holding key renewal blocks formed as renewal key storage data decryptable using at least one of the node key and the leaf key, encryption means for decrypting the key renewal block decryptable using at least one of the node key and the leaf key provided in each information reproducing device to calculate an encrypting key used in encrypting data to be stored in the recording medium, the encryption means decrypting the data stored in the recording medium, using the calculated encrypting key, and renewal means for comparing, in accessing the recording medium, the version of a key renewal block stored in the recording medium to that of the key renewal block owned by the reproducing device itself, and for writing the key renewal block of the new version in the recording medium, if the key renewal block of the new version is the key renewal block stored in the memory means of the reproducing device itself, and the key renewal block of the new version is not as yet stored on the recording medium.

[0029] The present invention also provides, for use in a recording or reproducing device for recording the information on a recording medium including a node key unique to each node forming a hierarchical tree structure having a plural number of such information recording devices, operating as leaves, and a leaf key unique to each recording device, a method for renewing an encrypting key including a detection step of detecting the latest usable one of the key renewal blocks stored on the recording medium and the key renewal block stored in the memory means of the recording or reproducing device, and a renewal step of undertaking, in case the latest version of the key renewal block is the key renewal block stored in the memory means of the information recording or reproducing device itself and the key renewal block of the new version has not been stored on the recording medium, the writing of the key renewal block of the new version on the recording medium.

[0030] The present invention also provides a computer program for having a computer system execute encryption key renewal processing in an information recording or reproducing device for recording or reproducing the information for a recording medium, holding a node key unique to each node forming a hierarchical tree structure having a plural number of information recording devices operating as leaves, and a leaf key unique to each information recording device, in which the computer program includes a detection step of detecting the latest usable key renewal block of the new version of the key renewal blocks stored on the recording medium and the key renewal block stored in the memory means of the recording or reproducing device itself, and a renewal step of undertaking, in case the latest version of the key renewal block is the key renewal block stored in a memory means of the information recording or reproducing device itself and the key renewal block of the new version has not been stored on the recording medium, the writing of the key renewal block of the new version on the recording medium.

[0031] In the configuration of the present invention, the volume of the messages for distribution necessary for key renewal is suppressed to a small value by employing a hierarchical key distribution system of a tree structure. That is, the key distribution method of a configuration having respective equipment arranged at respective leaves of the n-branched tree is used. The key necessary for recording and/or reproducing the content data for a recording medium, such as a master key or a media key, is distributed over a recording medium or a communication network, and used by respective equipment for recording and/or reproducing the content data.

[0032] The present invention provides a configuration in which, for overcoming the aforementioned problem, plural media keys can be set instead of setting a sole media key for each recording medium. That is, even after a recording medium is manufactured and presented to the market, the recording or the reproducing device is enabled to write a key renewal block (KRB) for calculating a newer media key on the recording medium. In recording the data on the recording medium, the recording or reproducing device calculates the media key, using the latest one of the key renewal blocks (KRBs) on the recording medium and the KRB stored in itself to use it for encrypting the data. If the latest KRB is stored not on the recording medium but on the device itself, the device stores it on the recording medium.

[0033] Additionally, the recording or reproducing device checks the versions of the entire KRBs on the recording medium in accessing the recording medium and, if the latest KRB is newer than the KRB stored on itself, it substitutes the latest KRB for the KRB it has stored, by way of KRB renewal. By this processing, new recording media may be stored in the recording and/or reproducing device one after another and, in recording the data, the data are encrypted and recorded using media keys calculated by the latest KRB stored then in the recording and/or reproducing device and in the recording medium, so that, in recording the data on the recording medium, the recording or reproducing device calculates the media key, using the latest one of the key renewal blocks (KRBs) on the recording medium and the KRB stored in itself to use it for encrypting the data. If the latest KRB is stored not on the recording medium but on itself, the device stores it on the recording medium. Even granting that the recording medium was produced at a remote past time point, with the KRB pre-stored on the recording medium being extremely old, or the KRB stored in the recording and/or reproducing device is also old, the probability is high that a new KRB be used at data recording time, thus assuring higher data security.

[0034] Also, the present invention provides a configuration in which, for overcoming the aforementioned problem, keys of plural generations and different versions can be stored in the recording medium, so that, when the recording and/or reproducing device accesses the recording medium, newer keys can be stored on the recording medium, while unneeded keys are deleted. In recording the data on the recording medium, the recording or reproducing device calculates the media key, using the latest one of the key renewal block (KRB) stored on the recording medium and the KRB stored in itself, to use it for encrypting the data. If the latest KRB is stored not on the recording medium but on itself, the device stores it on the recording medium.

[0035] Moreover, according to the recording and/or reproducing device according to the present invention, new KRBs are recorded on the recording medium not only when contents data are recorded but also when the recording medium is loaded on the recording and/or reproducing device and when the recording and/or reproducing device accesses the recording medium. By so doing, a recording and/or reproducing device having a KRB newer than the entire KRBs stored on the recording medium is able to record a new KRB on the recording medium even when not recording contents data thus raising the speed of migration of the new KRBs. Although it may be contemplated that one or more KRBs other than the latest KRB on the recording medium be left on the recording medium, such KRB(s) may be erased to save the recording capacity of the recording medium.
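
The selection and renewal rules of [0032] to [0035], sketched in Python as an added example (not code from the patent or the Assignee). It assumes a four-leaf binary tree, a simplified KRB that wraps the media key directly under the node keys covering the non-revoked leaves, a toy HMAC-based wrap in place of a real cipher, and that "usable" means decryptable by the device; all names and key values are constructed.

```python
import hashlib
import hmac

DEPTH = 2  # assumed binary tree with four leaves: "00", "01", "10", "11"

def node_key(node):
    # Constructed demo key per tree node; a real system provisions random secrets.
    return hashlib.sha256(b"demo-node-key:" + node.encode()).digest()

def seal(key, data, ctx):
    # Toy authenticated wrap for values of up to 32 bytes (stand-in for a real cipher).
    pad = hmac.new(key, b"pad" + ctx, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(data, pad))
    return ct, hmac.new(key, b"tag" + ctx + ct, hashlib.sha256).digest()

def unseal(key, blob, ctx):
    ct, tag = blob
    good = hmac.new(key, b"tag" + ctx + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    pad = hmac.new(key, b"pad" + ctx, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

def cover(revoked, node=""):
    # Largest subtrees that contain no revoked leaf.
    if not any(leaf.startswith(node) for leaf in revoked):
        return [node]
    if len(node) == DEPTH:
        return []
    return cover(revoked, node + "0") + cover(revoked, node + "1")

def make_krb(version, media_key, revoked):
    # Simplified KRB: one wrapped copy of the media key per covering node.
    ctx = b"krb-v%d:" % version
    entries = {n: seal(node_key(n), media_key, ctx + n.encode())
               for n in cover(revoked)}
    return {"version": version, "entries": entries}

class Device:
    def __init__(self, leaf, krb):
        # Node keys on the path from the root ("") down to this device's leaf.
        self.keys = {leaf[:i]: node_key(leaf[:i]) for i in range(DEPTH + 1)}
        self.krb = krb  # KRB held in the device's own memory

    def media_key(self, krb):
        ctx = b"krb-v%d:" % krb["version"]
        for node, key in self.keys.items():
            if node in krb["entries"]:
                return unseal(key, krb["entries"][node], ctx + node.encode())
        return None  # no entry for this device: the KRB is not usable by it

class Medium:
    def __init__(self, krbs):
        self.krbs = list(krbs)  # assumed to ship with at least one KRB
        self.records = []

def access(device, medium):
    # Renewal on every access: the newer KRB migrates in either direction.
    newest = max(medium.krbs, key=lambda k: k["version"])
    if device.krb["version"] > newest["version"]:
        medium.krbs.append(device.krb)
    elif newest["version"] > device.krb["version"]:
        device.krb = newest

def record(device, medium, content):
    access(device, medium)
    candidates = sorted(medium.krbs + [device.krb], key=lambda k: -k["version"])
    for krb in candidates:  # latest version first, fall back to older ones
        mk = device.media_key(krb)
        if mk is not None:
            ctx = b"content-v%d:%d" % (krb["version"], len(medium.records))
            medium.records.append({"version": krb["version"], "ctx": ctx,
                                   "blob": seal(mk, content, ctx)})
            return krb["version"]
    return None

def play(device, medium, rec):
    access(device, medium)
    for krb in medium.krbs + [device.krb]:
        if krb["version"] == rec["version"]:  # version must match the content's
            mk = device.media_key(krb)
            return unseal(mk, rec["blob"], rec["ctx"]) if mk is not None else None
    return None

def demo():
    krb1 = make_krb(1, hashlib.sha256(b"constructed media key 1").digest(), [])
    krb2 = make_krb(2, hashlib.sha256(b"constructed media key 2").digest(), ["11"])
    old_disc = Medium([krb1])            # disc made before leaf "11" was revoked
    a, b, d = Device("00", krb2), Device("01", krb1), Device("11", krb1)
    used = record(a, old_disc, b"title recorded after revocation")
    rec = old_disc.records[0]
    return {"version_used": used,
            "medium_versions": [k["version"] for k in old_disc.krbs],
            "honest_playback": play(b, old_disc, rec),
            "honest_device_version": b.krb["version"],
            "revoked_playback": play(d, old_disc, rec)}

if __name__ == "__main__":
    print(demo())
```
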

[0036] Meanwhile, the program furnishing medium according to the present invention is a medium for furnishing a computer program, in a computer readable form, to a general-purpose computer system capable of executing a variety of program codes. There is no particular limitation to the configuration of the media, including recording media, such as CD, FD or MO, or to the transmission medium, such as networks.

[0037] The program furnishing medium gives a definition of the relationship as to structural or functional cooperation between the computer program and the furnishing medium in implementing the functions of the preset computer program on a computer system. Stated differently, by installing the computer program on the computer system through the furnishing medium, cooperative actions can be realized on the computer system to realize the operations and effect similar to the other aspects of the present invention.

[0038] Other objects, features and advantages of the present invention will become more apparent from reading the embodiments of the present invention with reference to the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0039] FIG. 1 is a block diagram showing an illustrative structure of an information recording and/or reproducing device of the present invention.

[0040] FIGS. 2A and 2B show data recording processing flow of the information recording and/or reproducing device of the present invention.

[0041] FIGS. 3A and 3B show data reproduction processing flow of the information recording and/or reproducing device of the present invention.

[0042] FIG. 4 shows a tree structure for illustrating the encryption processing for a key, such as a media key, for the information recording and/or reproducing device of the present invention.

[0043] FIGS. 5A and 5B show an instance of a key renewal block (KRB) used for distributing media keys to the recording and/or reproducing device according to the present invention.

[0044] FIG. 6 shows an instance of distribution and an instance of decryption processing employing a key renewal block (KRB) for a media key in the information recording and/or reproducing device.

[0045] FIG. 7 is a block diagram for illustrating the encryption processing in data recording processing employing a media key in the recording and/or reproducing device according to the present invention.

[0046] FIG. 8 illustrates the generation of a key unique to a disc, usable in the information recording and/or reproducing device according to the present invention.

[0047] FIG. 9 shows an instance of generating and processing a key unique to a title, usable in the information recording and/or reproducing device according to the present invention.

[0048]FIG. 10 shows an instance of generating and a block key, usable inthe information recording and/or reproducing device according to thepresent invention.

[0049]FIG. 11 is a block diagram for illustrating the decryptionprocessing during data reproduction employing a media key in theinformation recording and/or reproducing device according to the presentinvention.

[0050]FIG. 12 shows an instance of a format of a key renewal block (KRB)used in the set of information recording and/or reproducing devices ofthe present invention.

[0051]FIG. 13 illustrates the structure of a tag of a key renewal block(KRB) used in the set of information recording and/or reproducingdevices of the present invention.

[0052]FIGS. 14A and 14B illustrate renewal processing of the key renewalblock (KRB) in the recording and/or reproducing device and the recordingmedia holding a plural number of the key renewal blocks (KRBs) in thethe recording and/or reproducing devices of the present invention.

[0053]FIG. 15 is a flow diagram for illustrating the renewal processingof the recording and/or reproducing device of the present invention.

[0054]FIGS. 16A and 16B illustrate a recording medium holding a pluralnumber of the key renewal blocks (KRBs) in the information recordingand/or reproducing device of the present invention and storageprocessing of content encrypted by a key acquired using the latest keyrenewal block (KRB).

[0055]FIG. 17 is a flow diagram for illustrating the processing ofencryption by the key acquired using the key renewal block (KRB) and theprocessing of storing the content in the recording and/or reproducingdevice of the present invention.

[0056]FIG. 18 is a flow diagram for illustrating the processing ofencryption by a key acquired using the key renewal block (KRB) and theprocessing of reproducing the content in the information recordingand/or reproducing device fthe present invention.

[0057]FIGS. 19A and 19B illustrate the renewal of the key renewal block(KRB) stored in the recording and/or reproducing device according to thepresent invention.

[0058]FIGS. 20A and 20B illustrate renewal processing of the key renewalblock (KRB) stored in the recording medium in the recording and/orreproducing device according to the present invention.

[0059]FIGS. 21A and 21B illustrate the processing of deleting the keyrenewal block (KRB) stored in the recording medium in the recordingand/or reproducing device according to the present invention.

[0060]FIG. 22 is a flow diagram for illustrating the renewal anddeletion processing for the key renewal block (KRB) in the recordingand/or reproducing device according to the present invention.

[0061]FIG. 23 is a flow diagram for illustrating the processing ofencryption by a key acquired using the key renewal block (KRB) and theprocessing of storing the content in the recording and/or reproducingdevice according to the present invention.

[0062]FIG. 24 is a flow diagram for illustrating the processing ofdecryption by a key acquired using the key renewal block (KRB) and theprocessing of reproducing the content in the recording and/orreproducing device according to the present invention.

[0063]FIGS. 25A and 25B are flowcharts for illustrating the datarecording processing and the copying controlling processing in therecording and/or reproducing device according to the present invention.

[0064]FIGS. 26A and 26B are flowcharts for illustrating the datareproducing processing and the copying controlling processing in therecording and/or reproducing device according to the present invention.

[0065]FIG. 27 is a block diagram showing the structure of processingmeans in executing the data processing by a software in the recordingand/or reproducing device according to the present invention.

BEST MODE FOR CARRYING OUT THE INVENTION

[0066] Referring to the drawings, the present invention is now explained in detail.

[0067] FIG. 1 is a block diagram showing the structure of an embodiment of a recording and/or reproducing device 100 according to the present invention. The recording and/or reproducing device 100 includes an input/output I/F (interface) 120, an MPEG (Moving Picture Experts Group) codec 130, an input/output I/F (interface) 140 inclusive of an A/D and D/A converter 141, encryption processing means 150, a ROM (read-only memory) 160, a CPU (central processing unit) 170, a memory 180 and a recording medium interface (I/F) 190 for a recording medium 195. These units are interconnected over a bus 110.

[0068] The input/output I/F 120 receives digital signals forming various content, such as pictures, speech or programs, supplied from outside, to output the received signals over the bus 110. The input/output I/F 120 also receives digital signals over the bus 110 to output the signals to outside. The MPEG codec 130 MPEG-decodes the MPEG-encoded data, supplied over the bus 110, to output the decoded data to the input/output I/F 140, while MPEG-encoding digital signals supplied from the input/output I/F 140 to output the encoded signals over the bus 110. The input/output I/F 140 includes an A/D-D/A converter 141. The input/output I/F 140 receives analog signals, as content, supplied from outside, to A/D (analog/digital) convert the received analog signals into digital signals, which are output to the MPEG codec 130. The input/output I/F 140 also D/A (digital/analog) converts digital signals from the MPEG codec 130 by the A/D-D/A converter 141 into analog signals which are output to outside.

[0069] The encryption processing means 150 is formed by, for example, a one-chip LSI (large scale integrated circuit), and encrypts or decrypts the digital signals, as content, supplied over the bus 110, to output the resulting data again over the bus 110. Meanwhile, the encryption processing means 150 is not limited to a one-chip LSI but may also be formed by various software and hardware combined together. The configuration as processing means by the software configuration will be explained subsequently.

[0070] The ROM 160 memorizes a leaf key, as a device key inherent to each of plural recording and/or reproducing devices or to each of plural groups of recording and/or reproducing devices, and a node key as a device key co-owned by plural recording and/or reproducing devices or by plural groups of recording and/or reproducing devices. The CPU 170 executes programs stored in a memory 180 to control e.g., the MPEG codec 130 and the encryption processing means 150. The memory 180 is e.g., a non-volatile memory for storing programs run by the CPU 170 or data required for operation of the CPU 170. The recording medium interface 190 drives a recording medium 195, capable of recording and/or reproducing digital data, to read out or reproduce digital data from the recording medium 195 to output the so read-out digital data over the bus 110. The recording medium interface 190 also furnishes the digital data, provided over the bus 110, to the recording medium 195 for recording thereon. Meanwhile, the program and the device key may also be stored in the ROM 160 and in the memory 180, respectively.

[0071] The recording medium 195 is a medium capable of memorizing digital data, including optical discs, such as DVD or CD, magneto-optical disc, magnetic disc, magnetic tape or a semiconductor memory, such as RAM. In the present embodiment, the recording medium 195 is removable with respect to the recording medium interface 190. The recording medium 195 may also be enclosed in the recording and/or reproducing device 100.

[0072] Referring to the flowcharts of FIGS. 2A, 2B, 3A and 3B, the data recording processing on the recording medium and the data reproducing processing from the recording medium, in the recording and/or reproducing device of FIG. 1, are hereinafter explained. In recording the content of digital signals from outside on the recording medium 195, the recording processing in accordance with the flowchart of FIG. 2A is performed. That is, when the content of digital signals (digital content) is sent e.g. over an IEEE (Institute of Electrical and Electronics Engineers) 1394 serial bus to the input/output I/F 120, the input/output I/F 120 at step S201 receives the digital content, supplied thereto, to output the received digital content over the bus 110 to the encryption processing means 150.

[0073] The encryption processing means 150 at step S202 executes the encryption processing on the digital content received to output the resulting encrypted content over the bus 110 to the recording medium interface 190. The encrypted content is recorded via recording medium interface 190 on the recording medium 195 (S203) to terminate the recording processing.

[0074] As the standard for protection of digital content in case of transmitting the digital content between equipment interconnected over IEEE1394 serial bus, 5CDTCP (Five Company Digital Transmission Content Protection), incidentally referred to as DTCP, is provided by five companies inclusive of the Assignee company (SONY Corporation). In this DTCP, when non-copy-free digital content is transmitted between different devices, reciprocal authentication is performed prior to data transmission to check as to whether or not the copy control information, used for copy control, can be handled correctly. The transmission side then encrypts the digital content and sends the so encrypted content, with the receipt side then decrypting the encrypted digital content (encrypted content).

[0075] In data transmission and reception, based on the DTCP standard, the input/output I/F 120 on the data receipt side at step S201 receives the encrypted content over the IEEE1394 serial bus to decrypt the encrypted content in accordance with the DTCP to output the resulting plaintext content subsequently to the encryption processing means 150.

[0076] The encryption of the digital content by DTCP is executed by generating a key changing with time and by employing the so-generated key. The encrypted digital content, inclusive of the key used for encryption, is transmitted over the IEEE1394 serial bus. The receipt side decrypts the encrypted digital content, using the key contained therein.

[0077] More correctly, according to DTCP, an initial value of the key and a flag indicating the change timing of the key used in encrypting the digital content are included in the encrypted content. The receipt side modifies the initial value of the key contained in the encrypted content with a timing of a flag similarly contained in the encrypted content to generate a key used for encryption to decrypt the encrypted content. However, this may be thought to be equivalent to the encrypted content containing a key for decryption. Therefore, in the following, this understanding is used. It should be noted that an informational version of the DTCP standard can be acquired by any person from DTLA (Digital Transmission Licensing Administrator).

[0078] The processing of recording the content of analog signals from outside on the recording medium 195 is now explained with reference to the flowchart of FIG. 2B. When the content of the analog signals (analog content) is sent to the input/output I/F 140, the input/output I/F 140 at step S221 receives the analog content. The input/output I/F 140 then proceeds to S222 to A/D convert the analog content by the enclosed A/D-D/A converter 141 to form content of digital signals (digital content).

[0079] The digital content is sent to the MPEG codec 130. At step S223, the digital content is MPEG encoded, that is encoded by MPEG compression. The resulting encoded data is sent over the bus 110 to the encryption processing means 150.

[0080] Subsequently, at steps S224 and S225, the processing similar to that performed at steps S202 and S203 of FIG. 2A is performed. That is, the encryption processing by the encryption processing means 150 is executed and the resulting encrypted content is recorded on the recording medium 195. The recording processing is then terminated.

[0081] The processing of reproducing the content recorded on the recording medium 195 and outputting the reproduced content as digital or analog content is explained with reference to the flowcharts of FIGS. 3A and 3B. The processing of outputting the content as digital content to outside is executed as the reproduction processing conforming to the flowchart of FIG. 3A. That is, first, at step S301, the encrypted content, recorded on the recording medium 195, is read out by the recording medium interface 190, and output over the bus 110 to the encryption processing means 150.

[0082] The encryption processing means 150 at step S302 decrypts the encrypted content, supplied from the recording medium interface 190, and the resulting decrypted data is sent over the bus 110 to the input/output I/F 120. At step S303, the input/output I/F 120 outputs the digital content to outside to terminate the reproduction processing.

[0083] In outputting the digital content over the IEEE1394 serial bus, the input/output I/F 120 at step S303 undertakes authentication with a counterpart device, in accordance with the DTCP standard, as described above. The input/output I/F 120 then encrypts and transmits the digital content.

[0084] In reproducing the content recorded on the recording medium 195 and outputting the reproduced content as analog data to outside, the reproducing processing conforming to the flowchart of FIG. 3B is executed.

[0085] That is, at steps S321 and S322, the processing similar to that in steps S301 and S302 is carried out, whereby the decrypted digital content, obtained by the encryption processing means 150, is sent over the bus 110 to the MPEG codec 130.

[0086] The MPEG codec 130 at step S323 MPEG decodes, that is expands, the digital content, to output the expanded content to the input/output I/F 140. The input/output I/F 140 at step S324 D/A converts the digital content, MPEG decoded by the MPEG codec 130, by the enclosed A/D-D/A converter 141, to form analog content. The processing then proceeds to step S325, where the input/output I/F 140 outputs the analog content to outside to terminate the reproduction processing.

[0087] The configuration of distributing keys necessary for the recording and/or reproducing device of FIG. 1 to record or reproduce data on or from the recording medium, for example, a master key or a media key, to respective equipment, is now explained. The master key is a common key in the present system, owned in common by plural devices and recorded in the devices at the time of manufacture thereof. The master key is preferably common to all devices used in this key distribution system. The media key is a key proper to each recording medium and is recorded in the recording medium at the time of manufacture thereof. Ideally, the media key differs from one recording medium to another. However, from the constraint associated with the manufacturing process of the recording medium, the media key may more realistically be changed from one group made up of plural recording media to another. For example, the media key may be changed from one lot corresponding to a production lot of recording media as one group to another. The following description is centered about an instance of renewing these keys. However, the present invention may also be applied for distributing or recording these keys to or on a device not having a master key recorded or a recording medium not having a media key recorded.

[0088] FIG. 4 shows a key distribution configuration in a recording and/or reproducing device in a recording system employing the present system. The numbers 0 to 15 shown in the bottom row of FIG. 4 indicate respective recording and/or reproducing devices. That is, the respective leaves of the tree structure shown in FIG. 4 correspond to the respective recording and/or reproducing devices.

[0089] The respective devices 0 to 15 at the time of manufacture (shipment) include stored therein keys (node keys), assigned to nodes from own leaves to the root in a predetermined initial tree, and leaf keys of the respective keys. K0000 to K1111, shown at the bottom of FIG. 4, represent leaf keys assigned to the respective devices 0 to 15, with the keys from the top key to the keys entered in second nodes from the bottom, KR to K111, being node keys.

[0090] In the tree structure, shown in FIG. 4, the device 0, for example, owns the leaf key K0000 and node keys K000, K00, K0 and KR. The device 5 owns K0101, K010, K01, K0 and KR, while the device 15 owns K1111, K111, K11, K1 and KR. Although only 16 devices of 0 to 15 are indicated in the tree of FIG. 4, with the tree configuration being of well-balanced left-right symmetrical structure in four rows, more devices may be entered in a tree, while the number of rows in the tree structure may differ from that shown therein.

[0091] The recording and/or reproducing devices, included in the tree structure of FIG. 4, are comprised of the recording and/or reproducing devices of variable types employing a variety of recording media, such as DVD, CD, MD or Memory Stick (trademark). Moreover, it may be presupposed that a variety of application services co-exist. The key distribution configuration shown in FIG. 4 is applied to this presupposed co-existing configuration of different applications.

[0092] In the system where these variable devices and applications co-exist, the portion surrounded by a dotted line in FIG. 4, that is devices 0 to 3, is set as a group employing one and the same recording medium. For the devices belonging to this group, defined by the dotted line, processing operations, such as encrypting common content to be forwarded from a provider, forwarding a master key used in common, or outputting payment data of content fee in a similarly encrypted form to a provider or to a settlement organization, may be executed at a time. The organization responsible for data transmission and reception to or from respective devices, such as the content providers or settlement organizations, execute the processing of forwarding data in a lumped form, with the portion surrounded by a dotted line in FIG. 4, that is the devices 0 to 3, as a group. A plural number of such groups exist in the tree structure of FIG. 4.

[0093] It should be noted that the node and leaf keys may be supervised in a centralized fashion by a sole key management center, or on the group basis by the providers or settlement organizations transmitting or receiving a variety of data to or from the respective groups. In case of, for example, key leakage, the node or leaf keys are renewed by the key management center, provider or by the settlement organizations.

[0094] As may be seen from FIG. 4, the four devices 0 to 3 of one group own common keys K00, K0 and KR as node keys. By exploiting this node key co-owning configuration, it becomes possible to furnish e.g., a common master key only to the devices 0 to 3. For example, if the co-owned node key K00 itself is set as a master key, a common master key can be set only for the devices 0 to 3 without executing new key forwarding operations. Moreover, if a value Enc(K00, Kmaster) obtained on encrypting a new master key Kmaster with the node key K00 is distributed over the network or as it is stored on a recording medium, only the devices 0 to 3 are able to decrypt the cipher Enc(K00, Kmaster) to obtain the master key Kmaster. Meanwhile, Enc(Ka, Kb) indicates data obtained on encrypting Kb with Ka.

[0095] If it is revealed at a certain time point t that the keys owned by the device 3, that is K0011, K001, K00, K0 and KR, were analyzed by an aggressor (hacker) and disclosed, the device 3 subsequently needs to be separated from the system in order to protect data transmitted or received in the system (group of the devices 0 to 3). To this end, the node keys K001, K00, K0 and KR must be renewed to new keys K(t)001, K(t)00, K(t)0 and K(t)R, respectively, while these renewed keys must be transmitted to the devices 0, 1 and 2. Meanwhile, K(t)aaa denotes that it is a renewed key of a key Kaaa with a generation: t.

[0096] The processing of distributing a renewal key is explained. The renewal of a key is executed by storing a table formed by block data termed a key renewal block (KRB) shown for example in FIG. 5A in a network or in a recording medium and by sending the table to the devices 0 to 2.

[0097] The key renewal block (KRB), shown in FIG. 5A, is formed as block data of a data structure in which renewal is possible only for the devices in need of renewal of node keys. The block data shown in FIGS. 5A and 5B are formed with a view to distributing a renewal node key of the generation t to the devices 0, 1 and 2 of the tree structure shown in FIG. 4. As may be seen from FIG. 4, the devices 0 and 1 are in need of K(t)00, K(t)0 and K(t)R, as renewal node keys, whilst the device 2 is in need of K(t)001, K(t)00, K(t)0 and K(t)R, as renewal node keys.

[0098] As shown in the KRB of FIG. 5A, plural encrypted keys are contained in KRB. The encrypted key at the bottom row is Enc(K0010, K(t)001). This is a renewal node key K(t)001, encrypted by the leaf key K0010 owned by the device 2, so that the device 2 is able to decrypt the encrypted key by the device's own leaf key to obtain K(t)001. Moreover, using K(t)001, obtained on decryption, the encrypted key Enc(K(t)001, K(t)00) in the second row from the bottom of FIG. 5A can be decrypted to give the renewed node key K(t)00. In a similar sequence of operations, the encrypted key Enc(K(t)00, K(t)0) in the second row from top of FIG. 5A can be decrypted to give a renewed node key K(t)0, whilst the encrypted key Enc(K(t)0, K(t)R) in the first row from top of FIG. 5A can be decrypted to give K(t)R. As for the devices 0 and 1, the node key K000 is not to be renewed. It is only K(t)00, K(t)0 and K(t)R that are needed as renewal node keys. As for the devices 0 and 1, the encrypted key Enc(K000, K(t)00) in the third row from the top of FIG. 5A is decrypted to obtain K(t)00. Similarly, the encrypted key Enc(K(t)00, K(t)0) in the second row from top of FIG. 5A is decoded to give a renewal node key K(t)0 and the encrypted key Enc(K(t)0, K(t)R) in the first row from top of FIG. 5A is decrypted to give K(t)R. In this manner, the devices 0 to 2 are able to acquire the renewed key K(t)R. Meanwhile, indices in FIG. 5A denote absolute addresses of the node and leaf keys used as decoding keys.

[0099] If renewal of the node keys K(t)0 and K(t)R in the topmost row of the tree structure shown in FIG. 4 is unneeded, whilst only the renewal of the node key K00 is needed, the key renewal block (KRB) of FIG. 5B may be used to distribute the renewal node key K(t)00 to the devices 0 to 2.

[0100] The KRB shown in FIG. 5B may be used in case a new master key to be co-owned by e.g., a specified group or a media key unique to a recording medium is to be distributed. As a specified instance, it is assumed that the devices 0 to 3 in the group shown by a dotted line in FIG. 4 are using a certain recording medium, and that a new common master key K(t)master is needed. At this time, data Enc(K(t)00, K(t)master), obtained on encrypting a new common renewed master key K(t)master using K(t)00, which is a renewed node key K00 common to the devices 0 to 3, is distributed along with the KRB shown in FIG. 5B. By this distribution, distribution as data not decrypted by an equipment of the other group, such as device 4, becomes possible. The same may be said of the media key.

[0101] That is, the devices 0 to 3 are able to decrypt the aforementioned cryptotext, using K(t)00 obtained on processing KRB to obtain the master key K(t)master or the media key K(t)media at a time point t.

[0102] To summarize, the processing at the respective devices may be explained as follows:

[0103] 1. The respective devices check the index part of the KRB to be apprized of the structure of a tree sent with the KRB.

[0104] 2. The devices decrypt the cryptotext using the uppermost one of node (live) keys not renewed by the KRB (in the present instance, K000 for the devices 0 and 1 and K0010 for the device 2) to acquire the renewed node key of the parent of the node in question.

[0105] 3. The cryptotext is decrypted, using the renewed node key, toacquire the renewed node key of the parent node of the node in question.

[0106] 4. The above sequence of operations is repeated to acquire the renewed node key of the uppermost node of KRB.

[0107] Meanwhile, the generation of the KRB represents the version of the KRB, such that, by using a larger value of the generation to represent the KRB of later origin, by way of an example, comparison may be made of the degree of newness of the KRBs. If the renewal of K(t)0 and K(t)R is not needed, K(t)00 can be co-owned by the devices 0, 1, 2 by employing the key renewal block (KRB) of FIG. 5B. That is, if, when the devices 1 to 3 form one group employing a given recording medium, the recording data is encrypted using the media key transmitted using K(t)00, the data so encrypted can be rendered not accessible from an equipment of some other group, such as device 4. Specifically, although the devices 0 to 2 co-own K(t)00, using e.g., FIG. 5B, the media key K(t)master at the time point t is encrypted and stored in this state in the recording medium which has held the KRB. The devices 0 to 2 decrypt the above cryptotext, using K(t)00 obtained on processing the KRB, to acquire the media key K(t)media at the time point t.

[0108] FIG. 6 shows, as a processing instance of obtaining the media key K(t)media at a time point t as proposed in a senior patent application of the present Assignee (JP Patent Application 2000-105328), the processing of the device 2 which has received, through the recording medium, data Enc(K(t)00, K(t)media) which has encrypted the new common media key K(t)media using K(t)00, and the KRB shown in FIG. 5B.

[0109] It is assumed that, as shown in FIG. 4, the four devices 0 to 3 encircled in a dotted line are included in a certain recording and/or reproducing system. FIG. 6 shows the processing in finding the media key needed for the recording and/or reproducing device (device 2) to encrypt or decrypt the content on the recording medium in case the device 3 is revoked and the media key assigned from one recording medium to another is used, with the aid of a key renewal block (KRB) and a device key memorized by the recording and/or reproducing device.

[0110] In a memory of the device 2, there are safely stored the leaf key K0010, assigned only to itself, and node keys K001, K00, K0 and KR of the respective nodes 001, 00, 0 and R from the leaf key up to the root of the tree. The device 2 has to decrypt the cryptotext with the index of 0010, in the KRB stored in the recording medium of FIG. 6, with an own leaf key K0010, to calculate the node key K(t)001 of the node 001, to decrypt the cryptotext with the index 001, using the so calculated node key, to calculate the node key K(t)00 of the node 00, and finally to decrypt the cryptotext with the index of 001, using the so calculated node key, to calculate the media key K(t)media. The number of times of calculations is increased as the depth from the leaf to the node for encrypting the media key is increased. That is, voluminous calculations are needed in a large system where there exist a large number of recording and/or reproducing devices. The data encryption and decryption processing modes employing the so calculated and acquired media key are hereinafter explained.
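The KRB processing of paragraphs [0098] to [0110], as an added example that is not part of the original specification: it builds the blocks described for FIGS. 5A and 5B and runs the four device-side steps for devices 0 to 3. The cipher `toy_enc`, the key values, and the encoding of a KRB as a mapping from index to ciphertext are assumptions made for the demonstration; the text does not fix any of them.

```python
import hashlib
import hmac

def toy_enc(key: bytes, data: bytes) -> bytes:
    """Stand-in for Enc(Ka, Kb): XOR with an HMAC-SHA256 pad, so it is its own
    inverse. Assumption for the demo; not a cipher to deploy."""
    pad = hmac.new(key, b"krb-demo", hashlib.sha256).digest()[:len(data)]
    return bytes(a ^ b for a, b in zip(data, pad))

def demo_key(generation: str, node: str) -> bytes:
    """Constructed 128-bit key for a node address; '' is the root R."""
    return hashlib.sha256(f"{generation}:{node}".encode()).digest()[:16]

def device_keys(leaf: str) -> dict:
    """Leaf key and node keys up to the root, as stored at manufacture."""
    return {leaf[:d]: demo_key("old", leaf[:d]) for d in range(len(leaf), -1, -1)}

def build_krb(indices) -> dict:
    """Key-management side. Each index is the address of the decoding key; the
    entry carries the renewed key of that node's parent. A node that is itself
    renewed (it is the parent of another index) encrypts with its renewed key."""
    renewed = {i[:-1] for i in indices}
    krb = {}
    for i in indices:
        kek = demo_key("gen-t" if i in renewed else "old", i)
        krb[i] = toy_enc(kek, demo_key("gen-t", i[:-1]))
    return krb

def process_krb(leaf: str, stored: dict, krb: dict):
    """Device side, steps 1 to 4 of the summary. Returns (node, renewed key) for
    the uppermost node reached, or None when the device is shut out."""
    renewed_nodes = {index[:-1] for index in krb}   # step 1: read the index part
    derived, top = {}, None
    for depth in range(len(leaf), -1, -1):          # walk from the leaf to the root
        node = leaf[:depth]
        if node in renewed_nodes and node not in derived:
            return None        # a key on our path was renewed and no entry reaches it
        if node in krb:        # steps 2 and 3: decrypt to obtain the parent's new key
            kek = derived.get(node, stored[node])
            derived[node[:-1]] = toy_enc(kek, krb[node])
            top = node[:-1]
    return (top, derived[top]) if top is not None else None

# FIG. 5A renews K001, K00, K0 and KR; FIG. 5B renews only K001 and K00.
FIG_5A = build_krb(["0", "00", "000", "001", "0010"])
FIG_5B = build_krb(["000", "001", "0010"])

# Constructed media key for generation t, stored as Enc(K(t)00, K(t)media).
MEDIA_KEY_T = demo_key("media", "gen-t")
WRAPPED_MEDIA_KEY = toy_enc(demo_key("gen-t", "00"), MEDIA_KEY_T)

def recover_media_key(leaf: str):
    """Process the FIG. 5B block, then unwrap the media key with K(t)00."""
    result = process_krb(leaf, device_keys(leaf), FIG_5B)
    if result is None:
        return None
    _, k_t_00 = result
    return toy_enc(k_t_00, WRAPPED_MEDIA_KEY)

if __name__ == "__main__":
    for leaf in ("0000", "0001", "0010", "0011"):
        root = process_krb(leaf, device_keys(leaf), FIG_5A)
        media = recover_media_key(leaf)
        print(leaf, "K(t)R:", root is not None, "K(t)media:", media == MEDIA_KEY_T)
```

Device 3 (leaf 0011) is shut out because neither block contains an entry indexed by its leaf key, so the renewed K(t)001 on its path is never reachable with the keys it holds.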

[0111] Referring to the processing block diagram of FIG. 7, an instance of the data encryption processing executed by the encryption processing means 150 and the recording and/or reproducing processing for a recording medium is explained.

[0112] The recording and/or reproducing device 700 acquires the media key by the calculating processing based on the own KRB described above.

[0113] The recording and/or reproducing device 700 checks whether or not a disc ID as the identification information has already been recorded on e.g., a recording medium 702 as an optical disc. If the disc ID has already been recorded, the disc ID is read out. If otherwise, a disc ID 1701 is generated by e.g., a random number generation method selected at random or predetermined at the encryption processing means 150. The disc ID 1701 so generated is recorded on the disc. Since only one disc ID suffices for the disc, it may be stored e.g., in a lead-in area.

[0114] The recording and/or reproducing device 700 then generates a disc unique key, using the media key 701 and the disc ID. As a specified method for generating the disc unique key, there may be used a method of an instance 1 employing the results obtained on inputting the media key and the disc ID to a hash function employing a block cipher function, as shown in FIG. 8, or a method of an instance 2 employing, as a disc unique key, only a needed data length from a 160-bit output, obtained on inputting data generated on bit concatenation of the media key and the disc ID to the hash function SHA-1, as defined in FIPS (Federal Information Processing Standards Publications) 180-1.

[0115] Then, a title key, as a recording specific key, is generated in the encryption processing means 150 (see FIG. 1) at random or by a predetermined method, such as a random number generation, to record the so generated title key on the disc 702.

[0116] From a combination of the disc unique key, title key and the device ID or a combination of the disc unique key, title key and the device unique key, a title unique key is generated.

[0117] For generating the title unique key, there may be used the method of the instance 1 employing the results obtained on inputting the title key and the disc unique key, the device ID (in case of not limiting the reproducing equipment) or the device unique key (in case of limiting the reproducing key) to the hash function employing the block cipher function, as shown in FIG. 9, or the method of the instance 2 employing, as the title unique key, only a needed data length from a 160-bit output obtained on inputting data generated on bit concatenation of the media key, disc ID and the device ID (in case of not limiting the reproducing equipment) or the device unique key (in case of limiting the reproducing key) to the hash function SHA-1, as defined in FIPS 180-1. Meanwhile, limitation of the reproducing equipment means rendering reproduction of content data stored in the recording medium possible only in a specified reproducing equipment.

[0118] In the foregoing explanation, the disc unique key is generated from the media key and the disc ID, and the title unique key is generated from the disc unique key, title key and the device ID or from the title key and the device unique key. Alternatively, the title unique key may directly be generated from the media key, disc ID, title key and the device ID or device unique key, without using the disc unique key. Still alternatively, a key equivalent to the title unique key may be generated from the media key, disc ID and the device ID or the device unique ID, without using the title key.

[0119] Referring to FIG. 7, the ensuing processing is explained. From a block seed, corresponding to separated leading number 1 to number 4 bytes of the block data, input as data for encryption, and from the previously generated title unique key, a block key, as a key for encrypting the block data, is generated.

[0120] FIG. 10 shows an instance of generating the block key. FIG. 10 shows two instances of generating a 64-bit block key from a 32-bit block seed and a 64-bit title unique key.

[0121] The instance 1, shown on an upper side, uses a 64-bit cipher function, with a key length being 64 bits, for each of an input and an output. The block seed and a 32-bit constant, concatenated together, are input and encrypted, using the title unique key as a key for this cipher function, to form a block key as the result of the encryption.

[0122] The instance 2 uses the hash function SHA-1 of FIPS 180-1. The title unique key and the block seed are concatenated together and input to the SHA-1 and a 160-bit output thereof, contracted to 64 bits, such as by employing only lower 64 bits thereof, is used as the block key.

[0123] In the foregoing, the instance of generating the disc unique key,title unique key and the block key has been explained. Alternatively,the block key may be generated using the media key, disc ID, title key,block seed and the device ID or the device unique key may be used fromblock to block to generate the block key, without generating the discunique key or the title unique key.

[0124] When the block key is generated, block data are encrypted, using the so generated block key. As shown in the bottom part of FIG. 7, the leading number 1 to number m bytes, m being, for example, 8, of the block data, inclusive of the block seed, are separated (selector 1608), without being encrypted, while the number m+1 data up to the trailing data are encrypted. Meanwhile, the number 1 to number 4 bytes, as the block seed, are included in the non-encrypted m bytes. The block data as from the number m+1 byte, separated by the selector, are encrypted in accordance with the encryption algorithm preset on the encryption processing means 150. As the encryption algorithm, the DES (data encryption standard) provided for in, for example, FIPS 46-2, may be used.

[0125] By the above processing, the content is encrypted, on the block basis, by a block key generated based on the generation-managed media key or block seed, so as to be stored in the recording medium.
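The instance-2 key chain of [0117] and [0122] and the block layout of [0124], as an added Python example that is not code from the patent. Assumptions: "lower 64 bits" is read as the last 8 bytes of the SHA-1 digest, the same contraction is used for the title unique key, all key and ID values are constructed, and a SHA-1 keystream XOR stands in for DES, which the Python standard library does not provide.

```python
import hashlib

SEED_LEN = 4   # block seed: bytes number 1 to number 4 of the block data
KEY_LEN = 8    # 64-bit title unique key and block key


def _contract(data: bytes) -> bytes:
    """SHA-1 (FIPS 180-1) contracted to 64 bits.
    Assumption: 'lower 64 bits' means the last 8 bytes of the digest."""
    return hashlib.sha1(data).digest()[-KEY_LEN:]


def title_unique_key(media_key: bytes, disc_id: bytes, binder: bytes) -> bytes:
    """Instance 2 of [0117]: hash of media key || disc ID || binder, where
    binder is the device ID (no equipment limitation) or the device unique
    key (reproduction limited to one piece of equipment)."""
    return _contract(media_key + disc_id + binder)


def block_key(tuk: bytes, block_seed: bytes) -> bytes:
    """Instance 2 of [0122]: hash of title unique key || block seed."""
    if len(tuk) != KEY_LEN or len(block_seed) != SEED_LEN:
        raise ValueError("expected a 64-bit key and a 32-bit block seed")
    return _contract(tuk + block_seed)


def _stand_in_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for DES (not the cipher named on the page): XOR with a
    SHA-1 counter keystream, so one call both encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha1(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def protect_block(block: bytes, tuk: bytes, m: int = 8) -> bytes:
    """Selector of [0124]: the leading m bytes (which include the block
    seed) stay in the clear; bytes m+1 onward go through the cipher."""
    if m < SEED_LEN or len(block) <= m:
        raise ValueError("block must be longer than its clear header")
    head, body = block[:m], block[m:]
    return head + _stand_in_cipher(block_key(tuk, head[:SEED_LEN]), body)


def recover_block(stored: bytes, tuk: bytes, m: int = 8) -> bytes:
    """Reproduction: the seed is read from the clear header, the block key
    is re-derived, and the same transform is applied to the body."""
    return protect_block(stored, tuk, m)


# Constructed sample values, for illustration only.
MEDIA_KEY = b"MEDIAKEY"
DISC_ID = b"DISC-0001"
DEVICE_ID = b"DEVICE-A"
DEVICE_UNIQUE_KEY = b"DUK-A-01"
BLOCK_1 = bytes.fromhex("00000001") + b"HDR1" + b"first block of content.."
BLOCK_2 = bytes.fromhex("00000002") + b"HDR2" + b"second block of content."

if __name__ == "__main__":
    tuk = title_unique_key(MEDIA_KEY, DISC_ID, DEVICE_ID)
    for blk in (BLOCK_1, BLOCK_2):
        stored = protect_block(blk, tuk)
        print(block_key(tuk, blk[:SEED_LEN]).hex(), stored.hex())
        assert recover_block(stored, tuk) == blk
```

Because the block seed enters the hash, each block gets its own key, and swapping the device ID for the device unique key yields a different title unique key, which is what ties playback to one piece of equipment.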

[0126] FIG. 11 shows a block diagram showing the processing of decrypting encrypted content data stored in the recording medium and of reproducing the so decrypted data.

[0127] In the reproducing processing, as in the encryption and recording processing explained with reference to FIGS. 7 to 10, a disc unique key is generated from the media key and the disc ID, a title unique key is generated from the disc unique key and the title key, and the block key is generated from the title key and the block seed as read out from the recording medium. The block-based encrypted data, read out from the recording medium 702, is decrypted, using the block key as the decrypting key.

[0128] In the encryption processing in recording content data on a recording medium and in the decryption processing in reproducing the content data from the recording medium, as described above, a media key is calculated based on the KRB. The key for encrypting or decrypting the content then is generated based on the so calculated media key or other identifiers.

[0129] In the above-described instance, the configuration of generating a key used for encrypting or decrypting the content data has been explained. Alternatively, the key used for encrypting and decrypting the content key may also be generated based not on the media key but on a master key common to the plural recording and/or reproducing devices or a device key unique to the recording and/or reproducing device, acquired from the KRB. The media key, master key or the device key per se, as acquired from the KRB, may also be applied as keys used for encrypting and decrypting the content data.

[0130] By employing the key renewal block (KRB) as described above, it is possible to furnish the renewed key only to the licenced authentic device, so that, by using the so furnished key, it is possible to encrypt the contents for the recording medium or to generate a key used for decrypting the contents read out from the recording medium. In the above configuration, such an instance has been explained in which only one key renewal block (KRB) is stored in one recording medium and used for acquiring the renewed key. An illustrative structure in which plural key renewal blocks (KRBs) are stored is now explained. In this case, each of the encrypted contents data recorded on the recording medium is adapted to have the information based on which it is possible to identify from which of the plural key renewal blocks (KRBs) the media key used for encrypting the contents data has been generated.

[0131] The KRB may be stored not only in the recording medium but also in a memory of the recording and/or reproducing device. The memory means for storage of the key renewal block (KRB) in the recording and/or reproducing device is of an overwritable configuration, such that, during accessing the recording medium, such as on loading the recording medium on the recording and/or reproducing device, the KRBs on the recording medium are retrieved, and the KRB of the latest version newer than that the device holds, if any, is substituted for the KRB the device holds.

[0132] FIG. 12 shows a typical format of a key renewal block (KRB). A version 1201 is an identifier indicating the version of the key renewal block (KRB). The depth denotes the number of layers of the hierarchical tree for a device which is the destination of distribution of the key renewal block (KRB). A data pointer 1203 points to the position of a data part in the key renewal block (KRB), whilst a tag pointer 1204 and a signature pointer 1205 point to the positions of a tag part 1207 and to a signature, respectively. The data part 1206 holds data which is an encrypted version of a node for renewal.

[0133] The tag part 1207 is a tag specifying the position relationship between the leaf key and the node key stored encrypted in the data part. The rule in imparting this tag is explained with reference to FIG. 13, which shows an instance of forwarding the key renewal block (KRB) explained with reference to FIG. 5A. The data is shown in a table on the right side of FIG. 13. The top node address included into the encrypting key at this time is a top node address. In this case, the top node address is KR because there is contained the renewed key K(t)R of the root key.

[0134] The Enc(K(t)0, K(t)R) at the uppermost row of the encrypting key is at a position indicated by arrow in a hierarchical tree shown on the left side of FIG. 13. The next data is ENC(K(t)00, K(t)0), lying at a lower left position with respect to the previous data. If there is or there is not any lower layer data for a given data, the tag for the given data is set to 0 or 1, respectively. The tag is represented as {left(L) tag, right(R) tag}. Since there is data on the left side of the uppermost row data Enc(K(t)0, K(t)R), the L tag is 0. However, since there is no data on the right side of the data Enc(K(t)0, K(t)R), the R tag is 1. In similar manner, the tags are set for all data so as to form a data column and a tag column shown on the lower side of FIG. 13.

[0135] Returning to FIG. 12, the KRB format is further explained. The signature is an electronic signature executed by e.g., a key management center, a contents provider or a settlement organization which has issued the key renewal block (KRB). The device which has received the KRB confirms, on signature verification, that the key renewal block (KRB) is one issued by an authentic key renewal block issuing concern.

[0136] A first embodiment of the renewal processing for the key renewal block (KRB) is explained. Referring to the block diagrams of FIGS. 14A and 14B and to the flowchart of FIG. 15, the configuration of storing plural key renewal blocks (KRBs) in the memory of the recording and/or reproducing device, and the processing of storing the latest KRB in the memory of the recording and/or reproducing device, that is the processing of renewing the key renewal block (KRB) stored in the recording and/or reproducing device, are hereinafter explained.

[0137] FIG. 14A, shown on an upper side in FIG. 14, shows the state prior to the loading of the recording medium on the recording and/or reproducing equipment. Specifically, FIG. 14A shows the state in which a sole key renewal block (KRB) 1411 is stored in a recording and/or reproducing device 1410, and in which two key renewal blocks (KRBs) 1421, 1422 are stored in a recording medium 1420.

[0138] The KRB stored in the recording and/or reproducing device 1410 is a key renewal block (KRB) 1411 of a version T1, whilst the KRBs stored in a recording medium 1420 are a key renewal block (KRB) 1421 of a version T1, and a key renewal block (KRB) 1422 of a version T2, which is newer than the version T1.

[0139] In the recording medium 1420, there are stored contents 1431, encrypted using a media key generated from the key renewal block (KRB) of the version T1, and contents 1432 encrypted using a media key generated from the key renewal block (KRB) of the version T2.

[0140] When the recording medium 1420 is loaded on the recording and/or reproducing device 1410, the device performs renewal processing for the key renewal blocks (KRBs) it holds, in accordance with the flowchart of FIG. 15.

[0141] At step S1501 of FIG. 15, the recording and/or reproducing device 1410 reads out the versions as the generations of all key renewal blocks (KRBs) stored in the recording medium 1420 to find the latest version. In the instance of FIG. 14A, the key renewal block (KRB) 1422 of the version T2 is of the latest version.

[0142] At step S1502, the recording and/or reproducing device 1410 compares the degree of newness of the key renewal block (KRB) stored in the memory in the recording and/or reproducing device (such as memory 180 of FIG. 1) to the latest KRB on the recording medium 1420 as detected at step S1501, that is a key renewal block (KRB) 1422 of the version T2.

[0143] In this comparison, if the KRB detected from the recording medium is newer, the program moves to step S1503. If otherwise, the program skips the steps S1503 and S1504 to terminate the processing.

[0144] In the instance of FIG. 14A, it is the key renewal block (KRB) 1411 of version T1 that is stored in the recording and/or reproducing device 1410 and the key renewal block (KRB) 1422 of the version T2 is newer than the first-stated block. Thus, the program moves to step S1503.

[0145] At step S1503, it is verified whether or not the newest KRB, scheduled to be renewed, can be decrypted with the leaf key or the node key owned by the recording and/or reproducing device 1410. That is, the key renewal blocks (KRBs) are sequentially decrypted, by the own leaf key or the node key, as explained with reference to FIGS. 4 to 6, to verify whether or not the node key of the new version of the updated generation information t, for example, K(t)00, or the root key K(t)R, is obtainable. This verification processing is performed by verifying whether or not an encrypting key decryptable on direct application of the own leaf or node key the recording and/or reproducing device holds is stored in an index part of the key renewal block (KRB) shown for example in FIG. 5.

[0146] If it is verified at step S1503 that the latest KRB scheduled to be decrypted can be decrypted using the leaf key or the node key held by the recording and/or reproducing device 1410, the program moves to step S1504. If otherwise, the program skips the step S1504 to terminate the processing.

[0147] At step S1504, the key renewal block (KRB) 1411 of the version T1, stored in the memory of the recording and/or reproducing device 1410, is renewed, using the latest KRB stored in the recording medium 1420 as detected at step S1501. As a result, the KRB stored in the recording and/or reproducing device 1410 is updated to a key renewal block (KRB) 1412 of version T2, as shown in FIG. 14B.

[0148] The processing of recording contents data on the recording medium by the recording and/or reproducing device shown in FIG. 1 is now explained with reference to the flowcharts of FIGS. 16A, 16B and 17.

[0149] A recording and/or reproducing device 1610 of FIG. 16A, shown on an upper part in FIG. 16, holds a key renewal block (KRB) 1611 of version T2, and undertakes to encrypt the contents to record the encrypted contents in a recording medium 1620.

[0150] In the recording medium 1620, there are recorded a key renewal block (KRB) 1621 of version T1, and contents 1631, encrypted based on the media key generated from this key renewal block (KRB) 1621.

[0151] FIG. 17 shows the processing flow in recording the contents data on the recording medium. The respective steps of the flow of FIG. 17 are now explained.

[0152] At step S1701, the recording and/or reproducing device 1610 generates a media key from the key renewal block (KRB) 1611 of the version T2 held by the recording and/or reproducing device 1610 itself.

[0153] The recording and/or reproducing device 1610 is performing the processing of renewing the key renewal block (KRB) of FIG. 15, when the recording medium 1620 is loaded thereon, as explained previously, such that the latest one of the key renewal blocks (KRBs) in the device and on the recording medium, here the key renewal block (KRB) of version T2, is stored in the device memory.

[0154] At step S1702, the contents data are encrypted, based on this media key. This encryption processing is executed in accordance with, for example, the method explained with reference to FIG. 7. The contents data are subsequently recorded on the recording medium 1620. It should be noted that, in storing the encrypted contents on the recording medium 1620, the version as the generation information of the key renewal block (KRB) which has acquired the media key used in encrypting the contents, here the version T2 of the key renewal block (KRB) 1611, is recorded on the recording medium 1620 in association with the encrypted contents. The version as the generation information of the key renewal block (KRB), similarly to the auxiliary information of contents, such as title key, is recorded in the data management file, constituted as a management file correlated with the contents data, and stored in this form on the recording medium 1620.

[0155] The recording and/or reproducing device 1610 then at step S1703 inspects whether or not the key renewal block (KRB) of the same version as that used in generating the media key has been stored in the recording medium 1620. If the block is stored in the recording medium 1672, the step S1704 is skipped to terminate the processing and, if otherwise, the program moves to step S1704.

[0156] At step S1704, the recording and/or reproducing device 1610 records the key renewal block (KRB) of the same version as that used in generating the media key, here the key renewal block (KRB) of the version T2, on the recording medium 1620, to finish the recording processing of the contents data. By the above processing, the encrypted contents data, obtained on encryption with the media key acquired from the latest available KRB and the latest key renewal block (KRB) required for obtaining the media key required in turn for performing the contents encrypting processing, can be recorded on the recording medium 1620, as shown in FIG. 16B.

[0157] The processing of the recording and/or reproducing device of reading out from the recording medium the contents data encrypted, using the key obtained based on the latest available key renewal block (KRB), and recorded in this state, is now explained using a flowchart of FIG. 18.

[0158] At step S1801, the recording and/or reproducing device reads out the version as the generation information of the key renewal block (KRB) designed for generating a media key which has encrypted the contents data to be reproduced. The version as the generation information of the key renewal block (KRB) corresponding to the respective contents data on the recording medium is written in, for example, the aforementioned data management file.

[0159] At step S1802, the recording and/or reproducing device detects, from one or more key renewal blocks (KRBs) stored in the recording medium, such a one having the same version as that of the generation information read out at step S1801, and decrypts the key renewal block (KRB) to generate a media key.

[0160] The recording and/or reproducing device then at step S1803 reads out the contents data from the recording medium to decrypt the read-out contents data based on the media key generated at step S1802 to use the so decrypted data. The contents data stored in the recording medium can be reproduced by the above processing.

[0161] Thus, the set of information recording and/or reproducing devices of the present invention is configured so that the latest key renewal block (KRB) is taken out from the recording medium holding plural key renewal blocks (KRBs), having plural different generations or versions, and is stored in the memory of the recording and/or reproducing device, and so that, in the processing of storing the contents on a recording medium, the latest usable key renewal block (KRB) is detected from the plural KRBs stored in the memory of the recording and/or reproducing device or on the recording medium, and a media key, for example, is acquired from the latest key renewal block (KRB) for storage in the recording medium. The key renewal block (KRB) which has acquired the media key used in encrypting the contents is newly stored in the recording medium.

[0162] So, the KRBs of plural versions can be stored in the recording medium, and the contents encrypted with the media key acquired from the different KRBs can be stored in the recording medium. In newly recording the contents on a recording medium, the contents are encrypted, using the media key calculated based on the latest KRB held by the recording and/or reproducing device and by the recording medium at such time point. Thus, if the KRB of the old version used in contents encryption at the time of manufacture of the recording medium has already been stored in the recording medium, a KRB of a new version is issued by the key renewal processing executed by the key management center, provider or the settlement organization, as the illicit equipment is revoked, as already explained with reference to FIGS. 4 and 5, whereby the encrypted contents subsequently stored on the recording medium are encrypted based on the media key acquired from the KRB of the new version that can be acquired solely by the authorized equipment, thus enabling the elimination of decryption and reproduction by the revoked equipment.

[0163] The foregoing description of the preferred embodiment has been made in connection with an instance of employing the media key as a key for encryption. However, the key for encryption, renewed by the KRB, can also be e.g., a master key common to plural recording and/or reproducing devices or a device key unique to each information recording and/or reproducing device. Moreover, the key renewal by KRB may be applied to key renewal for a master key or device keys, in the same way as key renewal for media keys.

[0164] In the above-described embodiment, the renewal processing of the key renewal block (KRB) is performed at a time point of loading the recording medium 1620 on the recording and/or reproducing device 1610. Alternatively, the processing for renewing the key renewal block (KRB) may also be performed at a time point of the recording and/or reproducing processing.

[0165] A second embodiment of the renewal processing for the key renewal block (KRB) in the recording and/or reproducing device is now explained. The processing of renewing the key renewal block (KRB) in the recording and/or reproducing device and on the recording medium is explained in FIG. 19 ff.

[0166] FIGS. 19A and 19B show the processing of renewing the key renewal block (KRB) in the recording and/or reproducing device. FIG. 19A shows the state prior to loading of the recording medium on the recording and/or reproducing device. Specifically, FIG. 19A shows the state in which a sole key renewal block (KRB) 1911 is stored in a recording and/or reproducing device 1910 and in which two key renewal blocks (KRBs) 1921, 1922 are stored in the recording medium 1920.

[0167] The KRB stored in the recording and/or reproducing device 1910 is a key renewal block (KRB) 1911 of version T2, whereas the KRBs stored in the recording medium 1920 is a key renewal block (KRB) 1922 of version T3. It should be noted that, of the versions T3, T2 and T1, T3 is the latest version, with the version T1 being the oldest.

[0168] In the recording medium 1920, the contents 1931, encrypted using the media key generated from the key renewal block (KRB), is stored.

[0169] When the recording medium 1920 is loaded on the recording and/or reproducing device 1910 and accessed by the recording and/or reproducing device 1910, the recording and/or reproducing device 1910 retrieves the KRB of the latest version of the KRBs on the recording medium 1920. The latest version is T3, which version T3 is newer than the key renewal block (KRB) 1911 of the version T2 stored in the recording and/or reproducing device 1910. So, the KRB stored in the recording and/or reproducing device is renewed, using the key renewal block (KRB) 1922 of the version T3. As a result, the key renewal block (KRB) 1911 of the version T2 stored in the recording and/or reproducing device 1910 is replaced by a key renewal block (KRB) 1912 of the new version T3.

[0170] If the KRB stored in the recording and/or reproducing device is newer than any of the KRBs stored in the recording medium, the new KRB is stored in the recording medium at the time of accessing the recording medium. FIGS. 20A and 20B show the concept of recording the new KRB by the recording and/or reproducing device on the recording medium.

[0171] FIG. 20A shows the state prior to loading of the recording medium on the recording and/or reproducing device. Specifically, FIG. 20A shows the state in which a sole key renewal block (KRB) 2011 is stored in a recording and/or reproducing device 2010 and in which two key renewal blocks (KRBs) 2021, 2022 are stored in the recording medium 2020.

[0172] The KRB stored in the recording and/or reproducing device 2010 is a key renewal block (KRB) 2011 of version T3, whereas the KRBs stored in the recording medium 2020 are a key renewal block (KRB) 2021 of version T1 and a key renewal block (KRB) 2022 of version T2. It should be noted that, of the versions T3, T2 and T1, T3 is the latest version, with the version T1 being the oldest.

[0173] In the recording medium 2020, the contents 2031, encrypted using the media key generated from the key renewal block (KRB) of version T1, are stored.

[0174] When the recording medium 2020 is loaded on the recording and/or reproducing device 2010 and accessed by the recording and/or reproducing device 2010, the recording and/or reproducing device 2010 retrieves the KRB of the latest version of the KRBs on the recording medium 2020. The latest version is T2, which version T2 is older than the key renewal block (KRB) 2011 of the version T3 stored in the recording and/or reproducing device 2010. So, the key renewal block KRB 2011 of the version T3 is recorded on the recording medium 2020. As a result, the key renewal block (KRB) 2023 of the new version T3 is added on the recording medium 2020.

[0175] Moreover, in the recording and/or reproducing device of the present invention, a KRB which is used in encrypting none of the contents data and which is not the latest version on the recording medium is deleted. FIGS. 21A and 21B show the concept of deleting the unneeded KRB on the recording medium by the recording and/or reproducing device.

[0176] FIG. 21A shows the state prior to loading of the recording medium on the recording and/or reproducing device. Specifically, FIG. 21A shows the state in which a sole key renewal block (KRB) 2111 is stored in a recording and/or reproducing device 2111 and in which three key renewal blocks (KRBs) 2121, 2122 and 2123 are stored in the recording medium 2120.

[0177] The KRB loaded on the recording and/or reproducing device 2110 is a key renewal block (KRB) 2111 of any optional version, whilst the KRBs stored in the recording medium 2120 are a key renewal block (KRB) 2121 of version T1, a key renewal block (KRB) 2122 of version T2 and a key renewal block (KRB) 2123 of version T3. It should be noted that, of the versions T3, T2 and T1, T3 is the latest version, with the version T1 being the oldest.

[0178] In the recording medium 2120, there are stored contents 2131 encrypted using the media key generated from the key renewal block (KRB) of the version T1.

[0179] When the recording medium 2120 is loaded on the recording and/or reproducing device 2110, and the recording medium 2120 is accessed by the recording and/or reproducing device 2110, the recording and/or reproducing device retrieves a key renewal block (KRB) not used in encrypting contents data and which is not the latest one on the recording medium 2120. In the instances of FIGS. 21A, 21B, the key renewal block (KRB) 2122 of the version T2 is detected as being the KRB satisfying the condition. The recording and/or reproducing device 2110 deletes the detected key renewal block (KRB) not used in encrypting contents data and which is not the latest one on the recording medium 2120. As a result, there are recorded on the recording medium 2120 the key renewal block (KRB) 2121 of the version T1 used for encrypting the contents and the key renewal block (KRB) 2123 of the latest version T3 as shown in FIG. 21B. As a result, the recording area of the recording medium can be used effectively.

[0180] The three sorts of the KRB renewal processing, as explained with reference to FIGS. 19, 20 and 21, may be executed e.g., at a time point of loading the recording medium on the recording and/or reproducing device. Specifically, when the loading of the recording medium on the respective device is detected, a CPU 170 reads out and executes the KRB renewal processing program stored in a ROM 160 or in a memory 170. This processing sequence is explained in accordance with the flowchart of FIG. 22.

[0181] At step S2201 of FIG. 22, the recording and/or reproducing device retrieves all KRBs on the recording medium and compares the latest one of these KRBs and the version (generation) of the KRB stored in recording means in the recording and/or reproducing device. If these versions are the same, processing is finished without doing anything.

[0182] If the latest KRB on the recording medium is newer than the KRB in the recording and/or reproducing device, the program moves to step S2202, where it is verified whether or not the latest KRB scheduled to be renewed can be decrypted using the leaf key or the node key held by the recording and/or reproducing device. That is, as explained with reference to FIGS. 4 to 6, the key renewal blocks (KRBs) are sequentially decrypted, using the leaf key or the node key held by the recording and/or reproducing device itself, to verify whether or not the node key of the new version, with the renewed generation information t, such as K(t)00 or the root key K(t)R, can be acquired. This processing of verification is carried out by checking whether or not an encrypting key that can be decrypted on direct application of the own leaf key or the node key is stored in any index in the key renewal block (KRB) shown for example in FIG. 5.

[0183] If it is verified at step S2202 that the latest KRB scheduled to be renewed using the leaf key or the node key owned by the recording and/or reproducing device is decryptable, the program moves to step S2203. If otherwise, the step S2203 is skipped to finish the processing. At step S2203, the KRB in the recording and/or reproducing device is updated, using the latest KRB on the recording medium, as explained with reference to FIG. 19, to finish the processing.

[0184] On the other hand, if at step S2201 the KRB in the recording and/or reproducing device is newer than the latest KRB on the recording medium, the program reverts to step S2204.

[0185] At step S2204, the KRB in the recording and/or reproducing device is recorded on the recording medium. The program then moves to step S2205. At this step S2205, it is verified whether or not there is any unneeded KRB on the recording medium. The unneeded KRB is such a KRB which is not used for encrypting any contents data stored on the recording medium, and which is not the latest KRB on the recording medium. If any such KRB exists, the program moves to step S2206 to erase the KRB from the recording medium to finish the processing.

[0186] If there is no unneeded KRB at step S2205, the step S2206 is skipped to finish the processing. Renewal of KRBs in the recording and/or reproducing device, recording of the new KRB on the recording medium and deletion of the unneeded KRB from the recording medium may be realized as discussed above.
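The load-time flow of FIG. 22 (steps S2201 to S2206), as an added Python model that is not code from the patent. Assumptions: a KRB is reduced to a version number plus the set of key names that can open it, versions are positive integers, and the key names and title names are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class KRB:
    version: int       # generation t; a larger number is newer
    index: frozenset   # key names under which a renewed key is stored (modelled)


@dataclass
class Device:
    keys: frozenset    # leaf key and node keys this device holds
    krb: KRB           # the one KRB kept in overwritable device memory


@dataclass
class Medium:
    krbs: dict = field(default_factory=dict)     # version -> KRB
    titles: dict = field(default_factory=dict)   # title -> KRB version (data management file)


def can_decrypt(device, krb):
    """S2202: a key the device holds applies directly to an entry of the KRB."""
    return bool(device.keys & krb.index)


def unneeded_versions(medium):
    """S2205: KRBs that encrypt no stored contents and are not the latest."""
    if not medium.krbs:
        return []
    latest = max(medium.krbs)
    in_use = set(medium.titles.values())
    return sorted(v for v in medium.krbs if v != latest and v not in in_use)


def renew_on_load(device, medium):
    """Run the FIG. 22 flow; return the list of steps that were visited."""
    trace = ["S2201"]
    latest = max(medium.krbs, default=0)   # 0 = medium carries no KRB (assumption)
    if latest == device.krb.version:
        return trace                        # same version: nothing to do
    if latest > device.krb.version:
        trace.append("S2202")
        if can_decrypt(device, medium.krbs[latest]):
            trace.append("S2203")
            device.krb = medium.krbs[latest]      # renew the device's KRB
        return trace                        # undecryptable: keep the old KRB
    trace.append("S2204")
    medium.krbs[device.krb.version] = device.krb  # push the newer KRB to the medium
    trace.append("S2205")
    stale = unneeded_versions(medium)
    if stale:
        trace.append("S2206")
        for version in stale:
            del medium.krbs[version]
    return trace


def record_title(device, medium, title):
    """FIG. 23: store the KRB version used for this title with the contents."""
    medium.titles[title] = device.krb.version
    medium.krbs.setdefault(device.krb.version, device.krb)  # S1703/S1704 of FIG. 17
    return device.krb.version


def krb_for_playback(medium, title):
    """S2401/S2402: select the KRB whose version was recorded for the title."""
    return medium.krbs[medium.titles[title]]


# Constructed key names: the licensed device shares "K000" with the KRB index,
# the revoked device shares nothing with it.
LICENSED = frozenset({"K0000", "K000", "K00", "K0"})
REVOKED = frozenset({"K0011", "K001"})


def make_krb(version):
    return KRB(version, frozenset({"K000", "K0010"}))


def run(device_keys, device_version, medium_versions, titles):
    """Build a constructed state, run the load-time flow, return the result."""
    device = Device(device_keys, make_krb(device_version))
    medium = Medium({v: make_krb(v) for v in medium_versions}, dict(titles))
    return device, medium, renew_on_load(device, medium)


if __name__ == "__main__":
    # FIG. 19 (version of KRB 1921 assumed T1), FIG. 20, and a revoked device.
    for args in ((LICENSED, 2, [1, 3], {"contents 1931": 1}),
                 (LICENSED, 3, [1, 2], {"contents 2031": 1}),
                 (REVOKED, 2, [1, 3], {"contents 1931": 1})):
        dev, med, steps = run(*args)
        print(steps, "device:", dev.krb.version, "medium:", sorted(med.krbs))
```

Run against the FIG. 20A state, the flow adds the T3 KRB and then erases T2 at S2206, leaving T1 and T3 on the medium; as the steps are described in [0181] to [0186], S2205 is reached only through S2204.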

[0187] The processing of recording contents data on the recording medium by the recording and/or reproducing device shown in FIG. 1 is explained with reference to the flowchart of FIG. 23.

[0188] At step S2301, the recording and/or reproducing device generates a media key from the KRB held by the device itself. At step S2302, the contents data are encrypted based on this media key. As the specified method for encryption, the method in accordance with the above explanation made with reference to FIGS. 7 to 11 may be used. The encrypted contents data are recorded on the recording medium. At this time, the version (generation t) of the KRB used for generating the encrypted contents is also recorded on the recording medium. Similarly to the recording generation number or the title key, shown in FIG. 7, the KRB version (generation) may be recorded in a data management file in which there is stored the information pertinent to which data constitutes which title. By the above processing, the encrypted contents data and the KRB information necessary for reproducing the information may be recorded on the recording medium.

[0189] Meanwhile, in the encryption of contents and storage of the encrypted contents on the recording medium, encryption and storage of the contents by a newer key may be promoted by detecting the latest available key renewal block (KRB) from the key renewal blocks (KRBs) stored on the recording medium or in the memory of the recording and/or reproducing device itself and by encrypting the data to be stored in the recording medium using the encryption key obtained on decrypting the latest detected available key renewal block (KRB).

[0190] The processing of reading out the contents data, recorded as described above, from the recording medium by the recording and/or reproducing device, is now explained with reference to the flowchart of FIG. 24.

[0191] At step S2401, the recording and/or reproducing device reads out the version (generation) of the KRB generating a media key which has encrypted contents data to be reproduced. The version (generation) of the KRB corresponding to the respective contents data on the recording medium is written in, for example, the aforementioned data management file.

[0192] At step S2402, the recording and/or reproducing device finds out such a one of the KRBs stored on the recording medium and which has the aforementioned version number (generation t) and, using this KRB, generates a media key in accordance with the procedure explained with reference to FIG. 6.

[0193] The recording and/or reproducing device at step S2403 reads out the contents data from the recording medium and decrypts the data so read out based on the media key generated as described above.

[0194] Meanwhile, in the processing for decrypting the cipher data stored on the recording medium, it is also possible to detect not only the key renewal block (KRB) stored in the memory of the recording and/or reproducing device itself, but also the key renewal block (KRB) stored in the memory of the recording and/or reproducing device itself and which has the version number coincident with that of the encrypting key for the contents being reproduced, and to decrypt the cipher data stored in the recording medium using the encrypting key obtained by decrypting the detected key renewal block (KRB).

[0195] Thus, with the set of information recording and/or reproducingdevices, according to the present invention, keys of plural generationsor versions can be stored in a recording medium in an environment whereplural key renewal blocks (KRBs) with different generations, that isversions, are used together. Moreover, when the recording and/orreproducing device accesses a recording medium, a newer key is stored onthe recording medium, while the latest KRB is stored from the recordingmedium in the memory of the recording and/or reproducing device itself,and any unneeded key is deleted from the recording medium.

[0196] A recording and/or reproducing device having a KRB newer than any KRB stored in the recording medium is able to record the new KRB on a recording medium even in case of not recording contents data, so that the speed of migration of the new KRB can be increased. By this processing, new recording media may be stored in the recording and/or reproducing device one after another and, in recording the data, the data are encrypted and recorded using media keys calculated by the latest KRB stored then in the recording and/or reproducing device and in the recording medium, so that, even granting that the recording medium was produced at a remote past time point, with the KRB pre-stored on the recording medium being extremely old, or the KRB stored in the recording and/or reproducing device is also old, the probability is high that a new KRB be used at data recording time, thus assuring higher data security. So, the configuration of the present invention provides a recording system in which it is effectively possible to prevent illicit duplication of data protected by copyright, such as motion pictures or music (that is duplication against the intention of a copyright owner of such data). Moreover, since the present invention provides a configuration in which any unneeded KRB, that is any KRB not used for encrypting the contents data and which is not the latest one of the KRBs stored on the recording medium, is deleted from the recording medium, it is possible to save the recording capacity of the recording medium.
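The KRB bookkeeping summarized in paragraphs [0191] to [0196] can be modelled as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the KRB body is an opaque constructed placeholder, every KRB is assumed usable by the device, and the media key derivation of FIG. 6 is not modelled.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class KRB:
    version: int        # generation number t of the key renewal block
    blob: bytes = b""   # opaque KRB body (constructed placeholder)


@dataclass
class Medium:
    krbs: dict = field(default_factory=dict)      # version -> KRB stored on the medium
    contents: dict = field(default_factory=dict)  # title -> KRB version (data management file)


@dataclass
class Device:
    krb: KRB            # the single latest KRB held in device memory


def sync_on_access(device, medium):
    """Make device and medium both hold the newest KRB either side knows."""
    newest_on_medium = max(medium.krbs, default=None)
    if newest_on_medium is None or device.krb.version > newest_on_medium:
        # Device is ahead: write its KRB to the medium, even if nothing is recorded.
        medium.krbs[device.krb.version] = device.krb
    elif newest_on_medium > device.krb.version:
        # Medium is ahead: the device takes over the newer KRB.
        device.krb = medium.krbs[newest_on_medium]
    return device.krb.version


def prune_unneeded(medium):
    """Delete KRBs that are neither the latest nor referenced by any contents."""
    if not medium.krbs:
        return []
    latest = max(medium.krbs)
    in_use = set(medium.contents.values())
    removed = sorted(v for v in medium.krbs if v != latest and v not in in_use)
    for version in removed:
        del medium.krbs[version]
    return removed


def record(device, medium, title):
    """Record contents under the latest KRB version and note it in the management file."""
    version = sync_on_access(device, medium)
    medium.contents[title] = version
    return version


def krb_for_playback(device, medium, title):
    """Steps S2401/S2402: find the KRB whose version matches the contents."""
    wanted = medium.contents[title]
    if wanted in medium.krbs:
        return medium.krbs[wanted]
    if device.krb.version == wanted:
        return device.krb
    raise LookupError(f"no KRB of version {wanted} for {title!r}")


def constructed_scenario():
    """Constructed data: an old medium, a recorder with a newer KRB, a stale player."""
    medium = Medium(krbs={v: KRB(v) for v in (1, 2, 3)}, contents={"old_movie": 1})
    recorder = Device(KRB(5))
    stale_player = Device(KRB(2))
    result = {
        "recorded_with": record(recorder, medium, "new_clip"),
        "pruned": prune_unneeded(medium),
        "left_on_medium": sorted(medium.krbs),
        "old_movie_krb": krb_for_playback(stale_player, medium, "old_movie").version,
    }
    sync_on_access(stale_player, medium)
    result["stale_player_now"] = stale_player.krb.version
    return result


if __name__ == "__main__":
    print(constructed_scenario())
```

Pruning keeps version 1 because existing contents still reference it; only the KRBs that are neither referenced nor the latest are removed.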

[0197] In the above-described embodiment, the explanation has been made mainly in connection with the instance of using the media key as the encrypting key. Alternatively, the encrypting key renewed by the KRB may also be a master key common to plural information recording devices. The key renewal by the KRB may also be applied to a master key or a device key in the same way as a media key.

[0198] In the above-described embodiment, the key renewal block (KRB) is renewed when accessing e.g., the TOC (table-of-contents) of the recording medium at a time point of loading the recording medium 1920 on the recording and/or reproducing device 1910. The key renewal block (KRB) may also be renewed when accessing the recording medium at a time point of recording or reproduction.

[0199] It should be noted that, for protecting the benefit of the copyright owner of contents, it is up to a licenced device to control the copying of the contents.

[0200] That is, for recording the contents on the recording medium, it is necessary to check whether or not the contents are allowed for copying and to record only the contents that are allowed for copying. When the contents recorded on the recording medium are reproduced and output, it is necessary to evade illicit copying of the output contents at a later time.

[0201] The processing of the recording and/or reproducing device of FIG. 1 in which the contents are recorded or reproduced while the copying of the contents is controlled is explained with reference to the flowcharts of FIGS. 25 and 26.

[0202] First, in recording the contents of digital signals from outside on a recording medium, the recording processing in accordance with the flowchart of FIG. 25A takes place. Here, the recording and/or reproducing unit 100 shown in FIG. 1 is explained by way of an example. When the contents of digital signals (digital contents) are fed over e.g., an IEEE1394 serial bus to an input output I/F 120, the input output I/F 120 receives the digital contents at S2501. The program then moves to step S2502.

[0203] At step S2502, the input output I/F 120 verifies whether or not the digital contents received is allowed for copying. That is, if the contents received by the input output I/F 120 are not encrypted (as when the plaintext contents are fed to the input output I/F 120 without using the above-mentioned DTCP), the contents are verified to be allowed for copying.

[0204] It is assumed that the recording and/or reproducing device 100 conforms to DTCP and executes the processing in accordance with the DTCP. The DTCP provides for 2-bit EMI (Encryption Mode Indicator) as the copying controlling information for controlling the copying. If EMI is 00B, B indicating that a value lying ahead of it is a binary number, the EMI indicates that the contents are Copy-freely, whereas, if EMI is 01B, it indicates that the contents are not allowed for further copying (No-more-copies). If the EMI is 10B, it indicates that it is allowed for copying only once (Copy-one-generation), whereas, if the EMI is 11B, it indicates that the contents are inhibited for copying (Copy-never).

[0205] If the EMI is included in a signal supplied to the input output I/F 100, and the EMI is Copy-freely or Copy-one-generation, the contents are verified to be allowed for copying. If the EMI is No-more-copies or Copy-never, the contents are verified to be not allowed for copying.

[0206] If the contents are verified at step S2502 to be not allowed for copying, the steps S2503 to S2504 are skipped to finish the recording processing. So, the contents are not recorded in this case on the recording medium 10.

[0207] If, at step S2502, the contents are determined to be allowed for copying, the program moves to step S2503. The processing similar to that at steps S202 and S203 of FIG. 2A then is carried out at steps S2503 to S2504. That is, the processing of encryption by the encryption processing means 150 is carried out and the resulting encrypted contents are recorded on a recording medium 195 to finish the recording processing.

[0208] Meanwhile, the EMI is contained in the digital signals supplied to the input output I/F 120 and, when the digital contents are recorded, the EMI, or the information indicating the copying controlling state, as does the EMI, such as embedded CCI in the DTCP, is also recorded along with the digital contents.

[0209] By and large, the information indicating the Copy-one-generation is recorded after conversion into No-more-copies such as not to allow for further copying.

[0210] In recording the contents of the analog signals from outside, the recording processing in accordance with the flowchart of FIG. 25B is performed. The processing of FIG. 25B is now explained. When the contents of analog signals (analog contents) are sent to the input/output I/F 140, the input/output I/F 140 at step S2511 receives the analog contents and proceeds to step S2512 to verify whether or not the so received analog contents are allowed for copying.

[0211] The check at step S2512 is performed based on whether or not a Macrovision signal or a CGMS-A (Copy Generation Management System-Analog) signal is included in the signal received by the input/output I/F 140. That is, the Macrovision signal is a signal which, if recorded on a video cassette tape of the VHS system, results in noise. If such a signal is included in the signal received by the input/output I/F 140, the analog contents are verified to be not allowed for copying.

[0212] Moreover, the CGMS-A signal denotes the CGMS signal used in copying controlling digital signals and which is applied to the copying control of the analog signals. The CGMS-A signal denotes that the contents are Copy-free, Copy-one-generation or Copy-never.

[0213] Thus, if the CGMS-A signal is included in the signal received by an input/output I/F 140, and the CGMS-A signal denotes Copy-freely or Copy-one-generation, the analog contents are verified to be allowed for copying. If the CGMS-A signal denotes Copy-never, the analog signals are verified to be not allowed for copying.

[0214] If neither a Macrovision signal nor a CGMS-A signal is contained in the signal received by the input/output I/F 140, the analog signals are verified to be allowed for copying.

[0215] If the analog signals are determined at step S2512 not to be allowed for copying, the steps S2513 to S2516 are skipped to terminate the recording processing. Thus, in this case, no contents are recorded on the recording medium 195.

[0216] If it is verified at step S2512 that the analog contents are not allowed for copying, the program moves to step S2513. In the steps S2513 to S2516, the processing similar to that at steps S222 to S225 of FIG. 2B is performed, whereby the contents are converted into digital data, MPEG encoded, decrypted and recorded on the recording medium to complete the recording processing.

[0217] If, in case the CGMS-A signals are included in the analog signals received by the input/output I/F 140, the analog contents are to be recorded on the recording medium, the CGMS-A signals are also recorded on the recording medium. In this case, the information representing the Copy-one-generation is converted, by and large, into No-more-copies to prohibit further copying and recorded in this form. This, however, is not valid if a rule is adopted in a system which states: “The Copy-one-generation copy control information is recorded without conversion to No-more-copies, but is handled as No-more-copies”.

[0218] If the contents recorded on a recording medium are reproduced and output as digital contents to outside, the reproducing processing in accordance with the flowchart of FIG. 26A is performed. The processing of FIG. 26A is now explained. First, at steps S2601 and S2602, the processing similar to that at steps S301 and S302 of FIG. 3A is carried out, whereby the encrypted contents read out from the recording medium is decoded by the encryption processing means 150 so that the decrypted digital contents are sent over the bus 10 to the input/output I/F 120.

[0219] The input/output I/F 120 at step S2603 checks whether or not the digital contents supplied thereto is allowed for copying subsequently. That is, if, for example, the EMI, or the information indicating the copying controlling state (copying controlling information) as does the EMI, is not contained in the digital contents sent to the input/output I/F 120, the contents are determined to be allowed for copying subsequently.

[0220] If the copying controlling information, such as EMI, is contained in the digital contents supplied to the input/output I/F 120, that is if EMI is recorded in accordance with the DTCP standard during contents recording, and the EMI (recorded EMI) is Copy-freely, the contents are determined to be allowed for copying subsequently. If the EMI is No-more-copies, the contents are determined not to be allowed for copying subsequently.

[0221] By and large, the copying controlling information, such as EMI, as recorded, is neither Copy-one-generation nor Copy-never. The reason is that the EMI of the Copy-one-generation is converted during recording into No-more-copies, whilst the digital contents having the EMI of Copy-never are not recorded on the recording medium. This, however, is not valid if a rule is adopted in a system which states: “The Copy-one-generation copy control information is recorded without conversion to No-more-copies, but handled as No-more-copies”.

[0222] If, at step S2603, the contents are determined to be allowed for copying subsequently, the program moves to step S2604 where the input/output I/F 120 outputs the digital contents to outside to terminate the reproducing processing.

[0223] If, at step S2603, the contents are found to be allowed for copying subsequently, the program moves to step S2605 where the input/output I/F 120 outputs the digital contents to outside in such a form as to prohibit its subsequent copying, in accordance with the DTCP standard, to terminate the reproducing processing.

[0224] That is, if, for example, the copying controlling information, such as recorded EMI, is No-more-copies, or if in a given system, there is set a rule running: “the Copy-one-generation copy controlling information is recorded without conversion to No-more-copies but is treated as No-more-copies” and the EMI recorded under this condition is Copy-one-generation, the contents are not allowed for further copying.

[0225] So, the input/output I/F 120 effects reciprocal authentication with respect to counterpart devices, in accordance with the DTCP standards. If the counterpart is an authentic device, herein the device conforming to the DTCP standard, the digital contents are encrypted and output in this form to outside.
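The digital copy-control decisions of paragraphs [0203] to [0209] (recording, step S2502) and [0219] to [0225] (reproduction, step S2603) can be written as a small state machine. This is an added example, not code from the patent: the function names and the `convert_on_record` flag are hypothetical, `None` stands for contents carrying no EMI, and treating every recorded value other than Copy-freely as protected on output is an assumption made to fail closed.

```python
from enum import IntEnum


class EMI(IntEnum):
    """2-bit DTCP Encryption Mode Indicator values as listed in [0204]."""
    COPY_FREELY = 0b00
    NO_MORE_COPIES = 0b01
    COPY_ONE_GENERATION = 0b10
    COPY_NEVER = 0b11


def check_record(emi, convert_on_record=True):
    """Step S2502: return (allowed, emi_to_store) for incoming digital contents.

    convert_on_record=False models the alternative rule quoted in the text,
    where Copy-one-generation is stored unchanged but handled as No-more-copies.
    """
    if emi is None:
        # Plaintext contents received without DTCP are allowed for copying.
        return True, None
    emi = EMI(emi)  # raises ValueError for anything outside the 2-bit range
    if emi is EMI.COPY_FREELY:
        return True, EMI.COPY_FREELY
    if emi is EMI.COPY_ONE_GENERATION:
        stored = EMI.NO_MORE_COPIES if convert_on_record else EMI.COPY_ONE_GENERATION
        return True, stored
    # No-more-copies and Copy-never: recording is skipped.
    return False, None


def check_playback(recorded_emi):
    """Step S2603: choose how decrypted contents leave the digital interface."""
    if recorded_emi is None or EMI(recorded_emi) is EMI.COPY_FREELY:
        return "plain"            # S2604: output as is
    # S2605: authenticate the counterpart per DTCP and output encrypted.
    return "dtcp_protected"


def record_then_play(emi, convert_on_record=True):
    """Follow one piece of contents through recording and later reproduction."""
    allowed, stored = check_record(emi, convert_on_record)
    if not allowed:
        return None               # nothing was written to the medium
    return stored, check_playback(stored)


if __name__ == "__main__":
    for value in (None, 0b00, 0b01, 0b10, 0b11):
        print(value, record_then_play(value), record_then_play(value, False))
```

Under either rule a Copy-one-generation source ends up protected on output; the flag only changes which value is stored on the medium.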

[0226] If the contents recorded on the recording medium are reproduced and output to outside as analog contents, the reproduction processing conforming to the flowchart of FIG. 26B is performed. The processing of FIG. 26B is now explained. In steps S2611 to S2614, the processing similar to that at steps S321 to S324 of FIG. 3B is performed. That is, the readout, decryption, MPEG decoding and D/A conversion of the encrypted contents are carried out. The resulting analog contents are received by the input/output I/F 140.

[0227] At step S2615, the input/output I/F 140 verifies whether or not the contents supplied thereto are enabled for subsequent copying. For example, if the copying controlling information, such as EMI, is not co-recorded in the recorded contents, the contents are determined to be enabled for copying subsequently.

[0228] If, during recording of contents, the copying controlling information, such as EMI, is recorded in accordance with, for example, the DTCP standard, and the information is Copy-free, the contents are determined to be enabled for further copying.

[0229] On the other hand, if, for example, the copying controlling information, such as recorded EMI, is No-more-copies, or if, in a given system, there is set a rule running: “the Copy-one-generation copy controlling information is recorded without conversion to No-more-copies but is treated as No-more-copies” and the EMI recorded under this condition is Copy-one-generation, the analog contents are determined to be not allowed for further copying.

[0230] For example, if the CGMS-A signals are contained in analog contents supplied to the input/output I/F 140, such that, during the recording of contents, the CGMS-A signals are recorded along with the contents, with the CGMS-A signals being Copy-freely, the analog signals are determined subsequently to be enabled for copying. If the CGMS-A signals are Copy-never, the analog contents are determined to be enabled for copying subsequently.

[0231] If, at step S2615, the contents are determined to be enabled for copying subsequently, the program moves to step S2616 where the input/output I/F 140 directly outputs the analog signals, supplied thereto, by way of terminating the reproduction processing.

[0232] On the other hand, if, at step S2615, the contents are determined not to be enabled for copying subsequently, the program moves to step S2617 where the input/output I/F 140 outputs the analog contents in a manner of not allowing for subsequent copying to terminate the reproduction processing.

[0233] That is, if, for example, the copying controlling information, such as recorded EMI, is No-more-copies, or if, in a given system, there is set a rule running: “the Copy-one-generation copy controlling information is recorded without conversion to No-more-copies but is treated as No-more-copies” and the copying controlling information, such as EMI, recorded under this condition, is Copy-one-generation, the contents are not allowed for further copying.

[0234] So, the input/output I/F 140 appends e.g., Macrovision signals or CGMS-A signals indicating Copy-never to the analog signals to output the resulting signals to outside. If the CGMS-A signals recorded are Copy-never, the contents are not allowed for further copying. So, the input/output I/F 4 outputs the contents to outside, along with analog contents, after converting the CGMS-A signals to Copy-never.

[0235] By recording or reproducing contents as the contents are controlled for copying, as described above, it is possible to prevent the copying outside the range allowed for the contents (illicit copying).

[0236] The above-described sequence of operations may be performed not only by hardware but also by software. For example, although the encryption processing means 150 may be arranged as encrypting/decrypting LSI, it may also be arranged by a configuration in which the program is executed by a general-purpose computer or a one-chip micro-computer. If this sequence of processing operations is executed by software, the program forming the software is installed on a general-purpose computer or a one-chip micro-computer. FIG. 27 shows an illustrative structure of an embodiment of a computer on which is installed the program executing the above-described sequence of operations.

[0237] The program may be pre-recorded on the hard disc 2705 or on the ROM 2703 as a recording medium built into a computer. Alternatively, the program may be transiently or permanently stored (recorded) in a removable recording medium 2710, such as a floppy disc, CD-ROM (compact disc read only memory), MO (magneto optical) disc, DVD (digital versatile disc), a magnetic disc or on a semiconductor memory. Such removable recording medium 2710 may also be furnished as a so-called package software.

[0238] Meanwhile, the program may be installed on a computer from the above-mentioned removable recording medium 2710, transmitted over a radio path to the computer from a downloading site via an artificial satellite for digital satellite broadcasting, or transmitted to the computer over a cable through the networks, such as Internet. The computer is able to receive the so transferred program by a communication unit 2708 to install the program on a built-in hard disc 2705.

[0239] The computer has a built-in CPU (central processing unit). To the CPU 2702 is connected an input/output interface 2711, over a bus 2701. If a command is input by a user acting on the input unit 2707, such as a keyboard or a mouse, through the input/output interface 2711, the program stored in the ROM (read-only memory) 2703 is executed accordingly.

[0240] Alternatively, the CPU 2702 loads a program, stored in the hard disc 2705, a program transferred from a satellite or a network, received by a communication unit 2708 and installed on the hard disc 2705, or a program read out from the removable recording medium 2110 loaded on a drive 2709 so as to be installed on the hard disc 2705, on the RAM (random access memory) 2704, for execution.

[0241] Thus, the CPU 2702 performs the processing conforming to the above-described flowchart, or in accordance with the configuration of the block diagram described above. The CPU 2702 outputs the processed results via e.g., input/output interface 2711 from an output unit 2706 formed e.g., by an LCD (liquid crystal display) or a loudspeaker, for transmission from the communication unit 2708 or recording on the hard disc 2705.

[0242] It should be noted that, in the present specification, the processing steps stating the program designed for the computer to carry out a variety of processing operations are not necessarily processed chronologically in a sequence stated in the flowchart, but the processing also may include processing carried out in parallel or batch-wise, such as parallel processing or processing by an object.

[0243] The program may be processed by one computer or by a plural number of computers in a distributed fashion. The program may also be transferred to and executed by a remote computer.

[0244] In the present embodiment, the description has been made mainly on an instance in which the block for encrypting/decrypting the contents is formed by a one-chip encrypting/decrypting LSI. However, the contents encrypting/decrypting block may also be realized by one software module executed by the CPU 170 shown in FIG. 1.

[0245] The present invention has so far been elucidated with reference to certain preferred embodiments. It is however apparent that the present invention can be modified by the skilled artisan by correction or substitution of the embodiments within the scope not departing from the purport of the invention. That is, the present invention has been disclosed in the perspective of illustration and hence the scope of the present invention should be defined in light of the claims without being construed in a limiting fashion.

INDUSTRIAL APPLICABILITY

[0246] In the system of the information recording and/or reproducing devices, according to the present invention, the key renewal blocks (KRBs) having plural different generations and versions can be stored on the recording medium, while the latest key renewal block (KRB) can be taken out and stored in a memory in the recording and/or reproducing device. In the processing of storing contents on a recording medium, the latest usable one of a plural number of KRBs stored in the memory of the recording and/or reproducing device and on the recording medium is detected, and an encryption key, such as a media key, is acquired from the latest KRB. Using the so acquired latest media key, the contents are encrypted and newly stored on the recording medium. The key renewal block (KRB) which has acquired e.g., the media key used for encrypting the contents is newly stored on the recording medium. So, in newly recording the contents on the recording medium, encryption is performed using the media key calculated based on a newer KRB.

[0247] Thus, if the KRB of the old version used in contents encryption at the time of manufacture of the recording medium has been recorded on the recording medium, the KRB of a newer version, issued as the illicit equipment is revoked, whereby the encrypted contents acquired from the KRB of the new version that can be acquired solely by the authorized equipment can subsequently be stored in the recording medium, thus enabling the elimination of decryption and reproduction by the revoked equipment.

[0248] In the system of the information recording and/or reproducing devices, according to the present invention, progressively new recording media may be stored in the recording and/or reproducing device one after another and, in recording the data, the data are encrypted and recorded using media keys calculated by the latest KRB stored then in the recording and/or reproducing device and in the recording medium, so that, even granting that the recording medium was produced at a remote past time point, with the KRB pre-stored on the recording medium being extremely old, the probability is high that a new KRB is used at data recording time, so that the contents may be encrypted using an encrypting key of a newer version. So, the configuration of the present invention provides a recording system in which it is effectively possible to prevent illicit duplication and propagation of data protected by copyright, such as motion pictures or music, for example, duplication against the intention of a copyright owner.

[0249] With the system of the information recording and/or reproducing devices, according to the present invention, as described above, the keys of plural generations and different versions can be stored on the recording medium, such that, when the device accesses the recording medium, a newer key may be stored on the recording medium, a newer KRB may be stored from the recording medium to the memory of the recording and/or reproducing device itself and moreover an unneeded key is deleted from the recording medium. The recording and/or reproducing device having a KRB newer than any KRB stored on the recording medium is able to record the new KRB on the recording medium even if contents data is not recorded.

[0250] So, the speed of migration of new KRB is increased such that progressively new KRBs are stored on the recording and/or reproducing device. Moreover, in data recording, data is encrypted and recorded using the media key calculated by the latest KRB stored on the recording medium or in the recording and/or reproducing device. Thus, even if the recording medium was produced at a remote past time point, with the KRB pre-stored on the recording medium being extremely old, or the KRB stored in the recording and/or reproducing device is also old, the probability is high that a new KRB is used at data recording time, thus assuring higher security of the encrypted data.

[0251] Therefore, with the configuration of the present invention, such a recording system may be constructed in which the illicit duplication (duplication against the intention of the copyright owner) of data protected by copyright, such as motion pictures or music, may be prohibited effectively. Moreover, unneeded KRBs on the recording medium, that is the KRBs not used for encrypting the contents data and which are not the latest one of the KRBs on the recording medium, are erased from the recording medium, thus saving the recording capacity of the recording medium.

1. An information recording device for recording the information on a recording medium, comprising: memory means for holding a node key unique to each node of a hierarchical tree structure having a plural number of such information recording devices, operating as leaves, and a leaf key unique to each information recording device, said memory means also holding a key renewal block formed as renewal key storage data decryptable using at least one of the node key and the leaf key; and encryption means for decrypting the key renewal block decryptable using at least one of the node key and the leaf key provided in said information recording device to calculate an encrypting key used in encrypting data to be stored in said recording medium; said encryption means encrypting the data to be stored in said recording medium using the calculated encrypting key; said encryption means detecting, in encrypting and storing the content for said recording medium, the latest usable key renewal block from key renewal blocks stored in said recording medium and from the key renewal block stored in said memory means of the information recording device itself, said encryption means encrypting the data to be stored on said recording medium using the encrypting key obtained on decrypting the detected latest usable key renewal block.
2. The information recording device according to claim 1 wherein said encrypting key is one of a master key common to the plural information recording devices, a device key unique to each information recording device and a media key set so as to be unique to each information recording device.
3. The information recording device according to claim 1 wherein said information recording device is configured for executing the processing of writing the latest usable one of the key renewal blocks stored on said recording medium and the key renewal block stored in the memory means of the information recording device itself on the recording medium in case the latest usable key renewal block is the key renewal block stored in the memory means of the information recording device itself and the latest key renewal block is not as yet stored on the recording medium.
4. The information recording device according to claim 1 wherein said information recording device is configured for executing the processing of writing the latest usable one of the key renewal blocks stored on said recording medium and the key renewal block stored in the memory means of the information recording device itself, on the recording medium, in case the latest usable key renewal block is the key renewal block stored in the memory means of the information recording device itself and the latest key renewal block is not as yet stored on the recording medium.
5. The information recording device according to claim 1 wherein said node key is configured as a renewable key and, in a renewal processing of said encrypting key, a key renewal block encrypted using a key including at least a lower layer node key or a lower layer leaf key is distributed to an information recording device as a leaf to be supplied with said encrypting key; said encryption means in said information recording device receiving the encrypting key encrypted with said renewal node key; acquiring said renewal node key by encryption processing of said key renewal block; and calculating said encrypting key based on the acquired renewal node key.
6. The information recording device according to claim 1 wherein said encrypting key is associated with a version number as the generation information.
7. An information reproducing device for reproducing the information from a recording medium, comprising: memory means for holding a node key unique to each node of a hierarchical tree structure having a plural number of such information reproducing devices operating as leaves, and a leaf key unique to each information reproducing device, said memory means also holding key renewal blocks each formed as renewal key storage data decryptable using at least one of the node key and the leaf key; and encryption means for decrypting the key renewal block decryptable using at least one of the node key and the leaf key provided in said information reproducing device to calculate an encrypting key used for decrypting the cipher data stored in said recording medium; said encryption means decrypting the cipher data stored in said recording medium using the calculated encryption key; said encryption means detecting, in the processing of decrypting the cipher data stored in said recording medium, the one of the key renewal block stored in the recording medium and the key renewal block stored in the memory means of the reproducing device itself, which has a version coincident with the version of the encrypting key of the content to be reproduced; said encryption means executing the decrypting processing of the cipher data stored on the recording medium using the encrypting key obtained by the processing of decrypting the detected key renewal block.
8. The information reproducing device according to claim 7 wherein said encrypting key is one of a master key common to the plural information recording devices, a device key unique to the information recording device and a media key set so as to be unique to each information recording device.
9. The information reproducing device according to claim 7 wherein said information recording device is configured for executing the processing of writing the latest usable one of the key renewal blocks stored on said recording medium and the key renewal block stored in the memory means of the information recording device itself, in the memory means of the recording and/or reproducing device itself, in case the latest usable key renewal block is the key renewal block stored in the recording medium and the latest key renewal block is not as yet stored in the memory means of the recording and/or reproducing device itself.
10. The information reproducing device according to claim 7 wherein said node key is configured as a renewable key and, in a renewal processing of said encrypting key, a key renewal block obtained on encrypting a renewal node key using a key including at least a lower layer node key or a lower layer leaf key is distributed to an information recording device as a leaf to be supplied with said encrypting key; said encryption means in said information recording device receiving the encrypting key encrypted with said renewal node key; acquiring said renewal node key by encryption processing of the key renewal block; and calculating said encrypting key based on the acquired renewal node key.
11. The information reproducing device according to claim 7 wherein said encrypting key is associated with a version number as the generation information.
12. An information recording method in an information recording device adapted for recording the information for a recording medium, said information recording device holding a node key unique to each node of a hierarchical tree structure having a plural number of such information recording devices, operating as leaves, and a leaf key unique to each information recording device, said method comprising: a step of detecting the latest usable one of the key renewal blocks stored in the recording medium and the key renewal block stored in said memory means of the information recording device itself, a step of decrypting the detected latest usable key renewal block, at said detection step, using at least the node key or the leaf key held in said information recording device, to calculate the encrypting key used in encrypting the data stored in said recording medium; and a step of encrypting the recording data for said recording medium, using the calculated encrypting key, to store the encrypted data on the recording medium.
 13. The information recording method according to claim 12 wherein, in case the detected latest usable key renewal block is the key renewal block stored in the memory means of the information recording device itself and the latest key renewal block has as yet not been stored in the recording medium, said detection step executes the processing of writing the latest key renewal block in said recording medium.
 14. The information recording method according to claim 12 wherein, in case the detected latest usable key renewal block is the key renewal block stored in the recording medium and the latest key renewal block has as yet not been stored in the memory means of the information recording device itself, said detection step executes the processing of writing the latest key renewal block in said memory means of the information recording device itself.
 15. An information reproducing method in an information recording device adapted for recording the information for a recording medium, each of a plurality of such devices holding a node key unique to each node of a hierarchical tree structure having the plural respective information recording devices operating as leaves, and a leaf key unique to each information reproducing device, said method comprising: a step of acquiring the version information of an encrypting key for the content being reproduced, stored in a recording medium; a step of detecting the one of the key renewal block stored in the recording medium and the key renewal block stored in a memory means of the reproducing device itself, which has a version coincident with the version of the encrypting key of the content to be reproduced; a step of generating an encrypting key by decryption processing of a key renewal block as detected by said detection step; and a step of decrypting the cipher data stored in the recording medium using the generated encrypting key.
 16. The information reproducing method according to claim 15 wherein said detection step executes the processing of writing the latest usable one of the renewal blocks in the memory means of the information recording device itself, in case the latest usable key renewal block is the key renewal block stored in the recording medium and the latest key renewal block is not as yet stored in the memory means of the information recording device itself.
 17. An information recording medium capable of recording the information, said recording medium having stored therein, as key renewal blocks having different configurations, a plural number of key renewal blocks, each obtained on encrypting a renewal node key contained in each node key unique to each node forming a hierarchical tree structure having a plural number of information recording or reproducing devices operating as leaves, and a leaf key unique to each information recording or reproducing device, using a key including at least a leaf key or a node key of a lower layer.
 18. The information recording medium according to claim 17 wherein said key renewal block is associated with a version number as the generation information.
 19. A computer program for executing on a computer system the information recording processing in an information recording device which holds a node key unique to each node forming a hierarchical tree structure having plural such information recording devices, operating as leaves, and a leaf key unique to each information recording device, and which records the information on a recording medium, said program including: a detecting step of detecting the latest usable key renewal block from the key renewal blocks stored in the recording medium and the key renewal block stored in the memory means of the information recording device itself; a decrypting step of decrypting the detected latest usable key renewal block at said detecting step using at least one of the node key and the leaf key provided in the information recording device, to calculate the encrypting key used in encrypting the data stored on said recording medium; and a step of encrypting the recording data for said recording medium using the encrypting key as found in said decrypting step to store the encrypted recording data on the recording medium.
 20. A computer program for executing on a computer system the information reproducing processing in an information reproducing device holding a node key unique to each node forming a hierarchical tree structure having the plural such information reproducing devices operating as leaves, and a leaf key unique to each information reproducing device, and which decrypts the cipher data stored in the recording medium; said program including: a step of acquiring the version information of an encrypting key of the content to be reproduced, stored on a recording medium; a step of detecting a key renewal block having a version coincident with the version of the encrypting key of the content to be reproduced, from the key renewal blocks stored in the recording medium and the key renewal block stored in the memory means of the information recording device itself; a step of generating an encrypting key by decryption processing of the key renewal block detected in said detecting step; and a step of decrypting the cipher data stored on the recording medium using the generated encrypting key.
 21. An information recording device for recording the information on a recording medium, each recording device comprising: memory means for holding a node key unique to each node of a hierarchical tree structure having a plural number of such information recording devices operating as leaves and a leaf key unique to each information recording device, said memory means also holding a key renewal block each formed as renewal key storage data decryptable using at least one of the node key and the leaf key; encryption means for decrypting the key renewal block formed as renewal key storage data decryptable using at least one of the node key and the leaf key provided in said information recording device to calculate an encrypting key used in encrypting the data to be stored in said recording medium; said encryption means encrypting the data stored in said recording medium using the calculated encrypting key; and renewing means for comparing, in accessing the recording medium, the version of a key renewal block stored in the recording medium to that of the key renewal block owned by the information recording device itself, and for writing the key renewal block of the new version on the recording medium if the key renewal block of the new version is the key renewal block stored in the memory means of the recording device itself, and the key renewal block of the new version is not as yet stored on the recording medium.
 22. The information recording device according to claim 21 wherein, if the latest usable one of the key renewal block is the key renewal blocks stored on the recording medium and the latest usable key renewal block has not as yet been recorded in the memory means of the recording device itself, said renewing means writes the latest key renewal block in the memory means of the recording device itself.
 23. The information recording device according to claim 21 wherein said renewal processing means detects such a one of the key renewal blocks stored on a recording medium, not used for encrypting any content data stored on said recording medium and which is not the latest one on the recording medium, and deletes the detected key renewal block from the recording medium.
 24. The information recording device according to claim 21 wherein, in encryption and storage processing of the content for said recording medium, said encryption means detects the latest usable one of the key renewal blocks stored in the recording medium and the key renewal block stored in the memory means of the information recording device itself and, using the encryption key acquired by decryption processing of the detected latest usable key renewal block, undertakes to encrypt the data to be stored in said recording medium.
 25. The information recording device according to claim 21 wherein said encrypting key is one of a master key common to the plural information recording devices, a device key unique to each information recording device and a media key set so as to be unique to each information recording device.
 26. The information recording device according to claim 21 wherein said node key is configured as a renewable key and, in renewing the encrypting key, a key renewal block obtained on encrypting a renewal node key by a key at least including one of a node key of a lower layer and a leaf key of a lower layer is distributed to the information recording device of the leaf intended to be furnished with the encrypting key; said encryption means in said information recording device receiving the encrypting key encrypted using the renewal node key; and acquiring said renewal node key to calculate said encrypting key based on the acquired renewal node key.
 27. The information recording device according to claim 21 wherein said encrypting key is associated with a version number as the generation information.
 28. An information reproducing device for reproducing the information from a recording medium, each information reproducing device comprising: memory means for holding a node key unique to each node of a hierarchical tree structure having a plural number of such information reproducing devices operating as leaves and a leaf key unique to each information reproducing device, said memory means also holding a key renewal blocks formed as renewal key storage data decryptable using at least one of the node key and the leaf key; encryption means for decrypting the key renewal block decryptable using at least one of the node key and the leaf key provided in each information reproducing device to calculate an encrypting key used in encrypting data to be stored in said recording medium; said encryption means decrypting the data stored in said recording medium, using the calculated encrypting key; and renewal means for comparing, in accessing the recording medium, the version of a key renewal block stored in the recording medium to that of the key renewal block owned by the reproducing device itself, and for writing the key renewal block of the new version in the recording medium, if the key renewal block of the new version is the key renewal block stored in the memory means of reproducing device itself, and the key renewal block of the new version is not as yet stored on the recording medium.
 29. The information reproducing device according to claim 28 wherein, if the latest usable one of the key renewal blocks stored on the recording medium and the key renewal block owned by the information reproduced device itself is the key renewal block stored on the recording medium, and said latest key renewal block has as yet not been stored in the memory means of the information recording device itself, said renewing means writes said latest key renewal block in the memory means of the information reproducing device itself.
 30. The information reproducing devices according to claim 28 wherein said renewal means detects such a one of the key renewal blocks stored in the recording medium, not used in encrypting any of content data stored on said recording medium and which is not the latest one on the recording medium, and deletes the detected key renewal block from the recording medium.
 31. The information reproducing devices according to claim 28 wherein said encryption means detects, in the processing of decrypting the cipher data stored in said recording medium, the one of the key renewal blocks which is stored in the recording medium and the key renewal block stored in the recording and/or reproducing device itself, and which has a version coincident with the version of the encrypting key of the content to be reproduced; said encryption means executing the decrypting processing of the cipher data stored on the recording medium using the encrypting key obtained by the processing of decrypting the detected key renewal block.
 32. The information reproducing devices according to claim 28 wherein said encrypting key is one of a master key common to the plural information recording devices, a device key unique to each information recording device and a media key set so as to be unique to each information recording device.
 33. The information reproducing device according to claim 28 wherein said node key is configured as a renewable key and, in renewing the encrypting key, a key renewal block obtained on encrypting a renewal node key by a key at least including one of a node key of a lower layer and a leaf key of a lower layer is distributed to an information recording device of the leaf intended to be furnished with the encrypting key; said encryption means in said information recording device receiving the encrypting key encrypted using the renewal node key and acquiring said renewal node key by encrypting the key renewal block to calculate said encrypting key based on the acquired renewal node key.
 34. The information reproducing device according to claim 28 wherein said encrypting key is associated with a version number as the generation information.
 35. In a recording or reproducing device including a node key unique to each node forming a hierarchical tree structure having a plural number of such information recording devices, operating as leaves, and a leaf key unique to each recording device, said device being adapted for recording the information on a recording medium, a method for renewing an encrypting key comprising: a detection step of detecting the latest usable one of the key renewal blocks stored on the recording medium and the key renewal block stored in the memory means of the recording or reproducing device; and a renewal step of undertaking, in case the latest version of the key renewal block is the key renewal block stored in the memory means of the information recording or reproducing device itself and the key renewal block of the new version has not been stored on the recording medium, the writing of said key renewal block of the new version on said recording medium.
 36. The encrypting key renewing method according to claim 35 wherein said renewing step further includes a step of undertaking, in case the latest usable one of the key renewal blocks stored on said recording medium and the key renewal block owned by the information recording or reproducing device itself is the key renewal block stored on said recording medium, and the latest key renewal block has as yet not been stored in the memory means of the information recording or reproducing device, the processing of writing said latest key renewal block in the memory means of the recording and/or reproducing device itself.
 37. The encrypting key renewing method according to claim 35 wherein said renewing step further includes a step of detecting such a one of the key renewal blocks stored in the recording medium, not used in detecting any content data stored on said recording medium and which is not the latest key renewal block on the recording medium, said renewing step also deleting the detected key renewal block from the recording medium.
 38. A computer program for having a computer system execute encryption key renewal processing in an information recording or reproducing device for recording or reproducing the information for a recording medium, holding a node key unique to each node forming a hierarchical tree structure having a plural number of information recording devices operating as leaves, and a leaf key unique to each information recording device, said computer program including: a detection step of detecting the latest usable key renewal block of the new version of the key renewal blocks stored on the recording medium and the key renewal block stored in the memory means of the recording or reproducing device itself; and a renewal step of undertaking, in case the latest version of the key renewal block is the key renewal block stored in a memory means of the information recording or reproducing device itself and the key renewal block of the new version has not been stored on the recording medium, the writing of said key renewal block of the new version on said recording medium.
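The renewal, recording and version-matched reproduction logic of claims 12 to 16 and 35 to 37, sketched as an added Python example that is not code from the patent. KRBs are modelled as version-tagged records, the tree-based KRB decryption is replaced by an assumed `readers` set of leaf ids, and all class and function names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class KRB:
    version: int          # generation information attached to the key
    readers: frozenset    # assumption: leaf ids able to decrypt this KRB (stands in for the key tree)

@dataclass
class Medium:
    krbs: dict = field(default_factory=dict)     # version -> KRB stored on the medium
    content: dict = field(default_factory=dict)  # title -> key version the content was encrypted with

@dataclass
class Device:
    leaf_id: int
    krb: KRB              # the KRB held in the device's own memory means

def latest_usable(device, medium):
    """Newest KRB, from the medium or device memory, that this leaf can decrypt."""
    pool = list(medium.krbs.values()) + [device.krb]
    usable = [k for k in pool if device.leaf_id in k.readers]
    return max(usable, key=lambda k: k.version, default=None)

def renew(device, medium):
    """Renewal on media access: copy the newer KRB in either direction, then prune."""
    best = latest_usable(device, medium)
    if best is None:
        return None
    if best.version not in medium.krbs:      # device memory holds the newer KRB
        medium.krbs[best.version] = best
    if best.version > device.krb.version:    # medium holds the newer KRB
        device.krb = best
    newest = max(medium.krbs)
    in_use = set(medium.content.values())
    for v in [v for v in medium.krbs if v != newest and v not in in_use]:
        del medium.krbs[v]                   # neither latest nor referenced by any content
    return best

def record(device, medium, title):
    """New content is always bound to the latest usable key version."""
    best = renew(device, medium)
    if best is None:
        raise PermissionError("no usable KRB for this device")
    medium.content[title] = best.version
    return best.version

def krb_for_playback(device, medium, title):
    """Reproduction selects the KRB whose version coincides with the content's key version."""
    want = medium.content[title]
    for k in list(medium.krbs.values()) + [device.krb]:
        if k.version == want and device.leaf_id in k.readers:
            return k
    return None
```

The pruning step keeps any KRB still referenced by stored content, so older titles remain playable after the medium has moved to a newer key version.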